bumblebee | d763681286d9d514420c27210746edd5bb9b563b626c0cdb2c61239292b86535 | Triage

Sharing

General

Target

d763681286d9d514420c27210746edd5bb9b563b626c0cdb2c61239292b86535.dll
Size

1.4MB
Sample

230420-wb35msdd4y
MD5

adcfd6939319c09ad8cbef72a81944a5
SHA1

154c1f4bc247d79789ec7eaf0feb92ea0d932445
SHA256

d763681286d9d514420c27210746edd5bb9b563b626c0cdb2c61239292b86535
SHA512

4f4fb6e9d2c833d4335dc816fbac2b5d25d3b95fdd1dced1b795c5564d367dca533eb743842fcf31ae74563cba451ae55b226e44f05b4745613b8e6e50e010ce
SSDEEP

24576:fno8Poz7SOWZlz7nnGqCk//xhxNbcFzPCC5lZXVQ:fjo/+GwPr

Score

10^/10

bumblebee mc1904 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

mc1904

C2

146.70.155.82:443

149.3.170.179:443

103.175.16.150:443

rc4.plain

Targets

- Target
  
  d763681286d9d514420c27210746edd5bb9b563b626c0cdb2c61239292b86535.dll
- Size
  
  1.4MB
- MD5
  
  adcfd6939319c09ad8cbef72a81944a5
- SHA1
  
  154c1f4bc247d79789ec7eaf0feb92ea0d932445
- SHA256
  
  d763681286d9d514420c27210746edd5bb9b563b626c0cdb2c61239292b86535
- SHA512
  
  4f4fb6e9d2c833d4335dc816fbac2b5d25d3b95fdd1dced1b795c5564d367dca533eb743842fcf31ae74563cba451ae55b226e44f05b4745613b8e6e50e010ce
- SSDEEP
  
  24576:fno8Poz7SOWZlz7nnGqCk//xhxNbcFzPCC5lZXVQ:fjo/+GwPr
Score

10^/10

bumblebee mc1904 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bumblebeemc1904trojan

behavioral2

bumblebeemc1904trojan