bumblebee | 130ec3dc6a89f40283c30557752d8cfc2fbf4cf364e8d9ec998af8fc0718448a | Triage

Submit
Reports

Overview

overview

Static

static

1

ZoomInstallerFull.msi

windows10-2004-x64

Sharing

General

Target

ZoomInstallerFull.msi
Size

25.9MB
Sample

230323-l4my1sgh3z
MD5

8e6132ab97c32046c10b4e38a9105c75
SHA1

aa90e1438dc791d241b8668eecb3e3f344759542
SHA256

130ec3dc6a89f40283c30557752d8cfc2fbf4cf364e8d9ec998af8fc0718448a
SHA512

aedc83b294523471a8f608cc998a6ab6c2045c71a77c0c007d135fb5f6ca65ba5b9bf5fbd6e52bbe85146213bb8efff29657052355504498cb8aebe30d4eab77
SSDEEP

786432:lQrpQ7w8q9m0xOPhXvN2A2sAPk3W23hykVXN:lQr27l0UZ/NV0k3H3UCXN

Score

10^/10

bumblebee zm22103 discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

ZoomInstallerFull.msi

Resource

win10v2004-20230220-en

bumblebee zm22103 discovery trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

bumblebee

rc4.plain

Extracted

Family

bumblebee

Botnet

zm22103

C2

107.189.1.219:443

45.66.248.64:443

194.135.33.90:443

23.106.215.17:443

146.70.152.221:443

64.44.102.202:443

rc4.plain

Targets

- Target
  
  ZoomInstallerFull.msi
- Size
  
  25.9MB
- MD5
  
  8e6132ab97c32046c10b4e38a9105c75
- SHA1
  
  aa90e1438dc791d241b8668eecb3e3f344759542
- SHA256
  
  130ec3dc6a89f40283c30557752d8cfc2fbf4cf364e8d9ec998af8fc0718448a
- SHA512
  
  aedc83b294523471a8f608cc998a6ab6c2045c71a77c0c007d135fb5f6ca65ba5b9bf5fbd6e52bbe85146213bb8efff29657052355504498cb8aebe30d4eab77
- SSDEEP
  
  786432:lQrpQ7w8q9m0xOPhXvN2A2sAPk3W23hykVXN:lQr27l0UZ/NV0k3H3UCXN
Score

10^/10

bumblebee zm22103 discovery trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebeezm22103discoverytrojan

© 2018-2025

Terms | Privacy