bumblebee | 6cd1385131c6f1a0d3e8ec158155a666c1d77319a20c04ca1afa876da5da5d4e | Triage

Sharing

General

Target

lIMew1Q9.ylw
Size

304B
Sample

230507-k4mgtafb31
MD5

4d15f28ab76398b3b9db892f23aed6e5
SHA1

43011ca0c15f268e4b720a47241a8c8f6e4bd057
SHA256

6cd1385131c6f1a0d3e8ec158155a666c1d77319a20c04ca1afa876da5da5d4e
SHA512

1af2ab5ae3a6d820d2e523c34bc34ff4a69c0ffc21612cabe08e6bb2b269f4439e073e1bec441817d2280875ce1f7276f2e6eb8f1f17c2d10b40002b4fe65205

Score

10^/10

bumblebee mc1904 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

mc1904

C2

146.70.155.82:443

149.3.170.179:443

103.175.16.150:443

rc4.plain

Targets

- Target
  
  lIMew1Q9.ylw
- Size
  
  304B
- MD5
  
  4d15f28ab76398b3b9db892f23aed6e5
- SHA1
  
  43011ca0c15f268e4b720a47241a8c8f6e4bd057
- SHA256
  
  6cd1385131c6f1a0d3e8ec158155a666c1d77319a20c04ca1afa876da5da5d4e
- SHA512
  
  1af2ab5ae3a6d820d2e523c34bc34ff4a69c0ffc21612cabe08e6bb2b269f4439e073e1bec441817d2280875ce1f7276f2e6eb8f1f17c2d10b40002b4fe65205
Score

10^/10

bumblebee mc1904 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bumblebeemc1904trojan