bumblebee | 187754f20558b7d67abb233e84ee14a85ea1791983d87d5a4dfe062799ae3d3c | Triage

Resubmissions

21-04-2023 01:45

230421-b6dg9afd6x 10

20-04-2023 19:19

230420-x1hexabh38 3

Sharing

General

Target

3oCGqe4g.UBr.exe
Size

1.4MB
Sample

230421-b6dg9afd6x
MD5

2f7cc32eab5132846f2c60cd49b11503
SHA1

a3bd016dd1d2f26857594d4d60f36bc73e9ede99
SHA256

187754f20558b7d67abb233e84ee14a85ea1791983d87d5a4dfe062799ae3d3c
SHA512

2ad2ca1341a5603c76ee0137d88b7134aec944333c41b0aca3af3ca3415e65127225c6b1753d11bf0a1d3b570e00fa6ebb95824f09e048d13d45dfae0ef8e433
SSDEEP

24576:o9sBKJRPFHYCRNJYM9WFw7/ekQ6o2LRNtVRIO72f6hPEK3X5Kk:yhzLRQQ

Score

10^/10

bumblebee mc1904 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

mc1904

C2

146.70.155.82:443

149.3.170.179:443

103.175.16.150:443

rc4.plain

Targets

- Target
  
  3oCGqe4g.UBr.exe
- Size
  
  1.4MB
- MD5
  
  2f7cc32eab5132846f2c60cd49b11503
- SHA1
  
  a3bd016dd1d2f26857594d4d60f36bc73e9ede99
- SHA256
  
  187754f20558b7d67abb233e84ee14a85ea1791983d87d5a4dfe062799ae3d3c
- SHA512
  
  2ad2ca1341a5603c76ee0137d88b7134aec944333c41b0aca3af3ca3415e65127225c6b1753d11bf0a1d3b570e00fa6ebb95824f09e048d13d45dfae0ef8e433
- SSDEEP
  
  24576:o9sBKJRPFHYCRNJYM9WFw7/ekQ6o2LRNtVRIO72f6hPEK3X5Kk:yhzLRQQ
Score

10^/10

bumblebee mc1904 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bumblebeemc1904trojan

behavioral2