bumblebee | a6b6f337d4bbc0aa57223ce4397d288f68e5454da1dd3b28a0deccaabd7e2abf | Triage

Sharing

General

Target

4d15f28ab76398b3b9db892f23aed6e5.bin
Size

567B
Sample

230507-b9vkyaba98
MD5

9774172290f1c4c8ceb31665844e7ee7
SHA1

aff6796d23ff45016b170c168f29449a2f5d7294
SHA256

a6b6f337d4bbc0aa57223ce4397d288f68e5454da1dd3b28a0deccaabd7e2abf
SHA512

b8edc3ff2ffc2e36d739b6d1ecceb8c176e14d97dafda8b20920aaad57bb2131140fd5706ecbadab4b4f7e6c52c03abb03df86365b502e5efc8e4f148534fa88

Score

10^/10

bumblebee mc1904 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

mc1904

C2

146.70.155.82:443

149.3.170.179:443

103.175.16.150:443

rc4.plain

Targets

- Target
  
  6cd1385131c6f1a0d3e8ec158155a666c1d77319a20c04ca1afa876da5da5d4e.unknown
- Size
  
  304B
- MD5
  
  4d15f28ab76398b3b9db892f23aed6e5
- SHA1
  
  43011ca0c15f268e4b720a47241a8c8f6e4bd057
- SHA256
  
  6cd1385131c6f1a0d3e8ec158155a666c1d77319a20c04ca1afa876da5da5d4e
- SHA512
  
  1af2ab5ae3a6d820d2e523c34bc34ff4a69c0ffc21612cabe08e6bb2b269f4439e073e1bec441817d2280875ce1f7276f2e6eb8f1f17c2d10b40002b4fe65205
Score

10^/10

bumblebee mc1904 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bumblebeemc1904trojan