bumblebee

General

Target

b3.msi
Size

116.2MB
Sample

230403-lhgvwadh42
MD5

d0e17863388ca516c2f400a40ed36c60
SHA1

afb74843e1d4fa1308358efe54a3f55727240c03
SHA256

9ab088aa97b858588bc10e9f45770515fd4e437f95b4171b6746ae55589261e9
SHA512

c3226588152bbaa654c4e586bfe79e9a1b3eb8fac65cbd6042c0d252e5ccf83efe0e276de8525166bcd6b1ffd6f60826e6718075554befee5b30f88e7e137fd4
SSDEEP

3145728:tcAqhqmGLNC7/Y37u2cXP26ZXSTMovMgw+MfkBgcEOE/TeSMymrZV9PC:Rqhqt8/Y/2E5JMlOE/a3TrZ

Score

10^/10

Malware Config

Extracted

Family

bumblebee

rc4.plain

Extracted

Family

bumblebee

Botnet

tr23103

C2

103.144.139.164:443

64.44.102.85:443

198.98.60.196:443

45.61.184.8:443

173.234.155.143:443

209.141.48.221:443

rc4.plain

Targets

- Target
  
  b3.msi
- Size
  
  116.2MB
- MD5
  
  d0e17863388ca516c2f400a40ed36c60
- SHA1
  
  afb74843e1d4fa1308358efe54a3f55727240c03
- SHA256
  
  9ab088aa97b858588bc10e9f45770515fd4e437f95b4171b6746ae55589261e9
- SHA512
  
  c3226588152bbaa654c4e586bfe79e9a1b3eb8fac65cbd6042c0d252e5ccf83efe0e276de8525166bcd6b1ffd6f60826e6718075554befee5b30f88e7e137fd4
- SSDEEP
  
  3145728:tcAqhqmGLNC7/Y37u2cXP26ZXSTMovMgw+MfkBgcEOE/TeSMymrZV9PC:Rqhqt8/Y/2E5JMlOE/a3TrZ
Score

10^/10

bumblebee tr23103 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Blocklisted process makes network request

Executes dropped EXE

Enumerates connected drives

Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2