Overview

overview

10

Static

static

1

bum.ps1

windows7-x64

1

bum.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bum

  • Size

    2.2MB

  • Sample

    230419-h2xhwsag7y

  • MD5

    95d1e51db007668a176e0203afb4816c

  • SHA1

    e7856701d9c5de497b9c28465db059be6954f541

  • SHA256

    8c9373fd5b6412df5a49ed8cbe38640d6b167ef79a83f9d25b2c2bff2417a8b2

  • SHA512

    4f475b1d7a0698836c48a7d533851f879af954ff3e2871cbb62cd55c8f41ea4c876dc6be9eca48b81fa897894c41a224353f6490b3a59fd542fecb7f26dc413a

  • SSDEEP

    24576:bb6zC8eTmNIpd0RBkc+wgzDQvnELa1EAuIhxXBdeS1YM/y+twTXgNdkXl8:bcamyVDSJ/7twTzy

Score
10/10
bumblebee2301lmstrojan

Malware Config

Extracted

Family

bumblebee

Botnet

2301lms

C2

62.113.238.68:443

199.195.249.106:443

104.219.233.101:443
rc4.plain

Targets

    • Target

      bum

    • Size

      2.2MB

    • MD5

      95d1e51db007668a176e0203afb4816c

    • SHA1

      e7856701d9c5de497b9c28465db059be6954f541

    • SHA256

      8c9373fd5b6412df5a49ed8cbe38640d6b167ef79a83f9d25b2c2bff2417a8b2

    • SHA512

      4f475b1d7a0698836c48a7d533851f879af954ff3e2871cbb62cd55c8f41ea4c876dc6be9eca48b81fa897894c41a224353f6490b3a59fd542fecb7f26dc413a

    • SSDEEP

      24576:bb6zC8eTmNIpd0RBkc+wgzDQvnELa1EAuIhxXBdeS1YM/y+twTXgNdkXl8:bcamyVDSJ/7twTzy

    Score
    10/10
    bumblebee2301lmstrojan

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

      trojanbumblebee

    • Blocklisted process makes network request

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks