bumblebee | 9850437315a9455072d7d02dec6665e2a20345db0faa35eeaca209a5541aa755 | Triage

Sharing

General

Target

518fc2e647ec1a068d96699a7c81f09f.bin
Size

85KB
Sample

230422-bvlpgsdd5x
MD5

6f379be122bc25a1bfde14da5268c4d5
SHA1

f994b8e0b2485d9d6c3e4c52e1dcda84307a57ff
SHA256

9850437315a9455072d7d02dec6665e2a20345db0faa35eeaca209a5541aa755
SHA512

26043a012b58c7283327192dcfeec780119dbafdff736aa8f513ad47a6fa969cd6f21fb448b99527486ba9e1ebe57810f4f3f39ac654d3a1d75b5d73a4ae2b60
SSDEEP

1536:V0WjPoNIZdCbk92iwE72Eek1V0YDH4Iv+Lopm75P1DBGENDOu:V0WjaTk92FEaEee6O4IvwFZGE1Ou

Score

10^/10

bumblebee mc1904 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

mc1904

C2

146.70.155.82:443

149.3.170.179:443

103.175.16.150:443

rc4.plain

Targets

- Target
  
  5b7dfd88fcbbbb7e3d1b4b6606c4fdd10397dd5c00e18cfe83cd9a94ed136246.wsf
- Size
  
  178KB
- MD5
  
  518fc2e647ec1a068d96699a7c81f09f
- SHA1
  
  2f1852128b1797ecb20557109c503197992d5ff7
- SHA256
  
  5b7dfd88fcbbbb7e3d1b4b6606c4fdd10397dd5c00e18cfe83cd9a94ed136246
- SHA512
  
  2bf8fe6ac6316b64ba2f57ca9e6bdc922913d07b5a2cd9efeae453feb2ac7bc9e621b706ca245673a9b2d73d437592b9f2cedf78e5370db8f3dc8e6afbf3ee76
- SSDEEP
  
  3072:1eULHHO+zbe2qOX/w+A429OutoWjVM8kgCRreRlW+Q5HUJAWo5hiaPJhO5Q51lJO:Y8SOXY7txjVM8kgUeRlW+FAWo5AaPjCb
Score

10^/10

bumblebee mc1904 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bumblebeemc1904trojan