bumblebee | e04c2e885c67bad3918e89e313f298a53ee6c772db0ac4b6a723d8da4eabaa72 | Triage

Submit
Reports

Overview

overview

Static

static

1

9576399981...7b.msi

windows7-x64

8

9576399981...7b.msi

windows10-2004-x64

Sharing

General

Target

10247125941.zip
Size

270.5MB
Sample

230428-mgh7zsdc84
MD5

52874daf4146d1ddb00dac1eef57da67
SHA1

8c138d6607f3b1060b731b60f0671e7a1f02bde8
SHA256

e04c2e885c67bad3918e89e313f298a53ee6c772db0ac4b6a723d8da4eabaa72
SHA512

5f2c1e42334f3a2e98f35075906e582eae889e35e638aa8870219c65daf630abc8d326b53072203a9e25f9fed71c3f27b7b77b72e474a28ba98058037e3d6f57
SSDEEP

6291456:4gsr5+7jaO2QqRX30c0FeehRE2dGDkbMtBVO009LfTGJZHDKE:+d+HjsH0c+5E2dGuKB0r+JZZ

Score

10^/10

bumblebee citr10803 trojan

Static task

static1

Behavioral task

behavioral1

Sample

957639998125a31c998b0104dba7f463d0659716a0a5b62fcc82eb28a0c0477b.msi

Resource

win7-20230220-en

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

957639998125a31c998b0104dba7f463d0659716a0a5b62fcc82eb28a0c0477b.msi

Resource

win10v2004-20230220-en

bumblebee citr10803 trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

bumblebee

rc4.plain

Extracted

Family

bumblebee

Botnet

citr10803

C2

104.168.171.97:443

149.255.35.138:443

51.83.250.168:443

rc4.plain

Targets

- Target
  
  957639998125a31c998b0104dba7f463d0659716a0a5b62fcc82eb28a0c0477b
- Size
  
  270.5MB
- MD5
  
  522c0b0d445c62cdeb0a80bcce645d57
- SHA1
  
  5dad52c67d114f7a3a5a1e7ae5b15b581054d468
- SHA256
  
  957639998125a31c998b0104dba7f463d0659716a0a5b62fcc82eb28a0c0477b
- SHA512
  
  97da31389ca0986c5f63244573ad0edd6c83feb7e9c44557acfb51832db308c6165cdd390d1555ee8dec941cc0cb896fa1ccc59cbf7b9de9610003f0bd2e8a48
- SSDEEP
  
  6291456:FTUNwNgD8hhlK4sCC90uWHgnNfTSeHRAod2da0Dmq75UpY21DYJ5HI:1UN5DqKnCULtnlnAM2kE5Gco
Score

10^/10

bumblebee citr10803 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bumblebeecitr10803trojan

© 2018-2025

Terms | Privacy