bumblebee | f0098ef0f31aa50b097bfb3ac7e420c518a697394a0ffed54640a55045263fa9 | Triage

Submit
Reports

Overview

overview

Static

static

1

cfgtbvh.exe

windows10-2004-x64

Resubmissions

05-04-2023 07:25

230405-h87mfaed2x 10

04-04-2023 22:20

230404-183btscc4v 10

Sharing

General

Target

cfgtbvh.exe
Size

237KB
Sample

230405-h87mfaed2x
MD5

51b3cddd75069bda9deb36fd539442e2
SHA1

a5183c20f329a3ea3726ce2c8300b0f2654ab531
SHA256

f0098ef0f31aa50b097bfb3ac7e420c518a697394a0ffed54640a55045263fa9
SHA512

50e78682a53f0ef631e7faaf2892057b35e5895afee8d8520f2a3a49f99e239912bef67e8ebe70b099528b5a1753a06aad0675bc3dec64b9a2e7b605ced2d06c
SSDEEP

6144:DL3v+mWnRzxvqRYwqgft1rSVsMAdaV/BaW:D7v+myRtqRYRgX20di/F

Score

10^/10

bumblebee rhadamanthys smokeloader inst pub4 BumbleBee backdoor collection stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

cfgtbvh.exe

Resource

win10v2004-20230220-en

bumblebee rhadamanthys smokeloader inst pub4 BumbleBee backdoor collection stealer trojan

windows10-2004-x64

21 signatures

1800 seconds

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://aapu.at/tmp/

http://poudineh.com/tmp/

http://firsttrusteedrx.ru/tmp/

http://kingpirate.ru/tmp/

rc4.i32

rc4.i32

Extracted

Family

bumblebee

Botnet

inst

C2

194.15.216.247:443

23.106.215.141:443

104.168.244.96:443

51.83.255.85:443

192.119.81.86:443

rc4.plain

Targets

- Target
  
  cfgtbvh.exe
- Size
  
  237KB
- MD5
  
  51b3cddd75069bda9deb36fd539442e2
- SHA1
  
  a5183c20f329a3ea3726ce2c8300b0f2654ab531
- SHA256
  
  f0098ef0f31aa50b097bfb3ac7e420c518a697394a0ffed54640a55045263fa9
- SHA512
  
  50e78682a53f0ef631e7faaf2892057b35e5895afee8d8520f2a3a49f99e239912bef67e8ebe70b099528b5a1753a06aad0675bc3dec64b9a2e7b605ced2d06c
- SSDEEP
  
  6144:DL3v+mWnRzxvqRYwqgft1rSVsMAdaV/BaW:D7v+myRtqRYRgX20di/F
Score

10^/10

bumblebee rhadamanthys smokeloader inst pub4 BumbleBee backdoor collection stealer trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Detect rhadamanthys stealer shellcode
- Detects win.bumblebee.
  Detects BumbleBee Payload.
  BumbleBee
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebeerhadamanthyssmokeloaderinstpub4BumbleBeebackdoorcollectionstealertrojan

© 2018-2025

Terms | Privacy