General

  • Target

    3u.ps1

  • Size

    2.2MB

  • Sample

    230404-szsr2agc73

  • MD5

    f9400abd6228a51e8e05085eccafc313

  • SHA1

    807dedf3cc9802a77885975e88027727999ab762

  • SHA256

    54f28031ae6742e825a113b0437db1d0d16bec6668629bc5bbe656446ce45db1

  • SHA512

    5d3413586fc066c9c006dfde4f1e8d1d8057a0cdd3024d7fdcf365c9a0b638763e3b143b9acb1f0ec2b652ab353d3d10e29ed5232f88901756697df8c7743a90

  • SSDEEP

    24576:mRQnNmYwNUFN1Jt3ld6+1qek4SuB3o9JAmjwNSUJWEAm4Rvy7leMoG0Fi78:mR7eFNTg+1YjwvO+b78

Malware Config

  • Extracted

    Family

    bumblebee

    rc4.plain

  • Extracted

    Family

    bumblebee

    Botnet

    tr23103

    C2

    103.144.139.164:443

    64.44.102.85:443

    198.98.60.196:443

    45.61.184.8:443

    173.234.155.143:443

    209.141.48.221:443

    rc4.plain
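The extracted configuration becomes actionable once the C2 list is turned into indicators and checked against network telemetry. The Python below is an added example and not part of the Triage report or the sample: it takes the botnet ID and the six ip:port C2 entries exactly as listed above, validates them, scans a few constructed firewall log lines (hypothetical, in a simple key=value format, not output from the sandbox run) for outbound connections to a listed C2, and emits one Snort/Suricata rule per C2. The log format, rule text and function names are mine; the RC4 key is omitted because the page does not show its value.

```python
import ipaddress
import re
from dataclasses import dataclass

# Config values as extracted on this page (family, botnet ID, C2 list).
# The "rc4.plain" key is not shown on the page, so it is deliberately left out.
BUMBLEBEE_CONFIG = {
    "family": "bumblebee",
    "botnet": "tr23103",
    "c2": [
        "103.144.139.164:443",
        "64.44.102.85:443",
        "198.98.60.196:443",
        "45.61.184.8:443",
        "173.234.155.143:443",
        "209.141.48.221:443",
    ],
}


@dataclass(frozen=True)
class C2Indicator:
    ip: ipaddress.IPv4Address
    port: int


def parse_c2_list(entries):
    """Turn 'ip:port' strings into validated, hashable indicators; a malformed entry raises."""
    indicators = set()
    for entry in entries:
        host, _, port = entry.rpartition(":")
        indicators.add(C2Indicator(ipaddress.IPv4Address(host), int(port)))
    return indicators


# Constructed log lines (hypothetical firewall export, not from the sandbox run).
# Line 2 and 4 hit a listed C2 on 443; line 3 hits a C2 IP on a different port.
SAMPLE_LOG = """\
ts=2023-04-04T10:01:12Z src=10.0.5.23 dst=142.250.74.46 dport=443 proto=tcp action=allow
ts=2023-04-04T10:01:15Z src=10.0.5.23 dst=103.144.139.164 dport=443 proto=tcp action=allow
ts=2023-04-04T10:01:16Z src=10.0.5.23 dst=103.144.139.164 dport=80 proto=tcp action=deny
ts=2023-04-04T10:02:40Z src=10.0.7.8 dst=45.61.184.8 dport=443 proto=tcp action=allow
"""

LINE_RE = re.compile(r"ts=(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def find_c2_hits(log_text, indicators, ip_only=False):
    """Return (ts, src, 'ip:port') for every line whose destination is a listed C2.

    By default both IP and port must match the extracted entry; ip_only=True also
    catches the same infrastructure contacted on another port.
    """
    c2_ips = {ind.ip for ind in indicators}
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            dst = ipaddress.IPv4Address(m["dst"])
        except ValueError:
            continue  # hostname or garbage in dst; skip rather than crash
        port = int(m["dport"])
        matched = dst in c2_ips if ip_only else C2Indicator(dst, port) in indicators
        if matched:
            hits.append((m["ts"], m["src"], f"{dst}:{port}"))
    return hits


def to_snort_rules(indicators, sid_base=1000001):
    """Emit one Snort/Suricata rule per C2 (rule text is mine, not from the report)."""
    rules = []
    ordered = sorted(indicators, key=lambda ind: (int(ind.ip), ind.port))
    for i, ind in enumerate(ordered):
        rules.append(
            f'alert tcp $HOME_NET any -> {ind.ip} {ind.port} '
            f'(msg:"BumbleBee C2 botnet {BUMBLEBEE_CONFIG["botnet"]}"; '
            f'sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    inds = parse_c2_list(BUMBLEBEE_CONFIG["c2"])
    for hit in find_c2_hits(SAMPLE_LOG, inds):
        print("C2 contact:", hit)
    print("\n".join(to_snort_rules(inds)))
```

Strict ip:port matching keeps false positives down on shared hosting, but Bumblebee operators rotate ports and hosts, so for hunting it is worth running the ip_only pass as well and treating the port mismatch as a lower-confidence hit.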

Targets

    • Target

      3u.ps1

    • Size

      2.2MB

    • MD5

      f9400abd6228a51e8e05085eccafc313

    • SHA1

      807dedf3cc9802a77885975e88027727999ab762

    • SHA256

      54f28031ae6742e825a113b0437db1d0d16bec6668629bc5bbe656446ce45db1

    • SHA512

      5d3413586fc066c9c006dfde4f1e8d1d8057a0cdd3024d7fdcf365c9a0b638763e3b143b9acb1f0ec2b652ab353d3d10e29ed5232f88901756697df8c7743a90

    • SSDEEP

      24576:mRQnNmYwNUFN1Jt3ld6+1qek4SuB3o9JAmjwNSUJWEAm4Rvy7leMoG0Fi78:mR7eFNTg+1YjwvO+b78

    • BumbleBee

      BumbleBee is a malware loader written in C++. It is delivered through phishing lures (here the PowerShell script 3u.ps1), carries an RC4-encrypted configuration holding a botnet ID and a list of C2 servers reached over TLS on port 443, and is used to stage second-stage payloads such as Cobalt Strike on the compromised host.

    • Blocklisted process makes network request

    • Suspicious use of NtCreateThreadExHideFromDebugger
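The "NtCreateThreadExHideFromDebugger" signature fires when a process creates a thread with the CreateFlags bit THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER (0x4) set, so the new thread never delivers debug events to an attached debugger. The Python below is an added example, not code from the Triage report or the sample: it scans a constructed API-trace excerpt (hypothetical "pid=... api=..." lines, not real sandbox output) for that flag and, going slightly beyond the page's signature, also catches the equivalent evasion done after the fact via NtSetInformationThread(ThreadHideFromDebugger, class 0x11). The trace format and function names are mine; the flag and class values are the documented ones.

```python
import re

# CreateFlags bits for NtCreateThreadEx (values as documented in phnt/ReactOS headers).
THREAD_CREATE_FLAGS_CREATE_SUSPENDED = 0x00000001
THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH = 0x00000002
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x00000004
# THREADINFOCLASS value that achieves the same hiding through NtSetInformationThread.
THREAD_HIDE_FROM_DEBUGGER = 0x11

FLAG_NAMES = {
    THREAD_CREATE_FLAGS_CREATE_SUSPENDED: "CREATE_SUSPENDED",
    THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH: "SKIP_THREAD_ATTACH",
    THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER: "HIDE_FROM_DEBUGGER",
}

# Constructed API-trace lines (hypothetical format, not sandbox output).
# Line 1 is a normal thread; 2 and 4 set the hide flag; 3 hides an existing thread.
SAMPLE_TRACE = """\
pid=4120 api=NtCreateThreadEx CreateFlags=0x0 StartRoutine=0x7ff6a0401000
pid=4120 api=NtCreateThreadEx CreateFlags=0x4 StartRoutine=0x7ff6a0402a10
pid=4120 api=NtSetInformationThread ThreadInformationClass=17
pid=5532 api=NtCreateThreadEx CreateFlags=0x5 StartRoutine=0x7ff6b0001000
pid=5532 api=NtCreateThreadEx CreateFlags=0x1 StartRoutine=0x7ff6b0002000
"""

TRACE_RE = re.compile(r"^pid=(?P<pid>\d+) api=(?P<api>\w+)(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(0x[0-9a-fA-F]+|\d+)")


def decode_create_flags(flags):
    """Name every set CreateFlags bit; bits outside the known set are reported as hex."""
    names = [name for bit, name in FLAG_NAMES.items() if flags & bit]
    unknown = flags & ~sum(FLAG_NAMES)
    if unknown:
        names.append(hex(unknown))
    return names


def find_debugger_hiding(trace_text):
    """Return (pid, api, detail) for each call that hides a thread from a debugger."""
    hits = []
    for line in trace_text.splitlines():
        m = TRACE_RE.match(line)
        if not m:
            continue
        # int(x, 0) accepts both "0x4" and "17"
        args = {k: int(v, 0) for k, v in KV_RE.findall(m["rest"])}
        pid, api = int(m["pid"]), m["api"]
        if api == "NtCreateThreadEx":
            flags = args.get("CreateFlags", 0)
            if flags & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER:
                hits.append((pid, api, "|".join(decode_create_flags(flags))))
        elif api == "NtSetInformationThread":
            if args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
                hits.append((pid, api, "ThreadHideFromDebugger"))
    return hits


if __name__ == "__main__":
    for pid, api, detail in find_debugger_hiding(SAMPLE_TRACE):
        print(f"pid {pid}: {api} -> {detail}")
```

A thread created with 0x5 (suspended and hidden) is the pattern to watch for in a loader: the thread is set up, patched or pointed at decrypted code, and only then resumed, with no debugger ever seeing it start.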
