bumblebee

Sharing

Copy URL

Twitter E-mail

General

Target

10406548368.zip
Size

4.5MB
Sample

230512-dwlrzsbf39
MD5

54b79f46bd6d03fdbac681091aa757de
SHA1

2233f84e1b31bc8daf04e067e614124a96449616
SHA256

46dd9977519866a5e3c0118758eeeaef0bdf235199da78f9021368230e0a90e8
SHA512

36a454e72f642fc176a8f362ab41e78064ca0f678a001c0b83da6e8b886d0fda5c08de4c917f70594c7bc62983e1d8302946c5c3801ee16cca78909537583968
SSDEEP

98304:zzZAliCAuTZ5l3BaJi5s/Ezc96Mnt5d3BxGNTeGhKIgK+/+SHI/1KUt9Yv7plZ:ztQiClZvRt5AEwPr2NTxhKvK+NoJ0v79

Score

10^/10

Malware Config

Extracted

Family

bumblebee

rc4.plain

Extracted

Family

bumblebee

Botnet

mc1904

146.70.155.82:443

149.3.170.179:443

103.175.16.150:443

rc4.plain

Extracted

Family

bumblebee

Botnet

21maca

108.62.141.20:443

104.168.140.145:443

51.68.145.171:443

108.62.118.170:443

192.119.72.133:443

23.108.57.201:443

rc4.plain

Extracted

Family

bumblebee

Botnet

inst

37.79.205.12:443

51.83.255.85:443

192.119.81.86:443

23.106.215.141:443

194.15.216.247:443

104.168.244.96:443

rc4.plain

Extracted

Family

bumblebee

Botnet

202lg

104.168.157.253:443

209.141.40.19:443

107.189.5.17:443

23.254.167.63:443

91.206.178.234:443

146.19.173.86:443

103.175.16.104:443

194.135.33.85:443

173.234.155.246:443

51.68.144.43:443

172.86.120.111:443

160.20.147.242:443

51.75.62.204:443

205.185.113.34:443

194.135.33.184:443

23.82.140.155:443

185.173.34.35:443

rc4.plain

Targets

- Target
  
  05aa0587937c153ffbd573c6ba35a446e7c9eae62a39308d6e800e127156c468
- Size
  
  1.4MB
- MD5
  
  5ac5d2bfb46d310338ad8bb70a0b562d
- SHA1
  
  bf07b0e67bb50fec99ff89b17ec6d4f8a19a57e0
- SHA256
  
  05aa0587937c153ffbd573c6ba35a446e7c9eae62a39308d6e800e127156c468
- SHA512
  
  0ff11a63877ff9e1dfb3abb58ca565754571d8da6cfb180c4926ff97921a8c207eb5ffd6fb53593f7342c1b602c7a9fefa86f1a34a6663f7aac956bfb1fd252f
- SSDEEP
  
  24576:XS9VBCocBwQ4v4by+6WUjI9+Wq6w6bX2du9RXr+3:C9CJBp9WHFIJq6Pbmd2RXW
Score

10^/10

bumblebee 21maca trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  187754f20558b7d67abb233e84ee14a85ea1791983d87d5a4dfe062799ae3d3c
- Size
  
  1.4MB
- MD5
  
  2f7cc32eab5132846f2c60cd49b11503
- SHA1
  
  a3bd016dd1d2f26857594d4d60f36bc73e9ede99
- SHA256
  
  187754f20558b7d67abb233e84ee14a85ea1791983d87d5a4dfe062799ae3d3c
- SHA512
  
  2ad2ca1341a5603c76ee0137d88b7134aec944333c41b0aca3af3ca3415e65127225c6b1753d11bf0a1d3b570e00fa6ebb95824f09e048d13d45dfae0ef8e433
- SSDEEP
  
  24576:o9sBKJRPFHYCRNJYM9WFw7/ekQ6o2LRNtVRIO72f6hPEK3X5Kk:yhzLRQQ
Score

3^/10
behavioral3 behavioral4
- Target
  
  2d5c9b33ed298f5fb67ce869c74b2f2ec9179a924780da65fcbc1a0e0463c5d0
- Size
  
  1.4MB
- MD5
  
  deea9419fa5187f9f454609d4d173c19
- SHA1
  
  81557fb9c53bae28c27ef6120c94c30012b408fa
- SHA256
  
  2d5c9b33ed298f5fb67ce869c74b2f2ec9179a924780da65fcbc1a0e0463c5d0
- SHA512
  
  373362932236347a7bfc06c86a1aa746cfdacafaf5b5433e368396c69a8e46039044d243cf812a163cfd1ebb796bea7480c2b495c25d7509719703f2b3da33ef
- SSDEEP
  
  24576:GJAx41SXU4LG5Vlcz8PBhNbJgwm9CEl9DAvOBddLfl93pb3:g0bG5Vyz8B9gwm95AAdhfD3
Score

10^/10

bumblebee 202lg trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral5 behavioral6
- Target
  
  35f2ec59313bbe5b78e4b043f06f8961f6f3e77b870544d15ee7cc1fca987d8c
- Size
  
  1.6MB
- MD5
  
  1eb4bd24c3d02a38a333eaeee4b9b49d
- SHA1
  
  3c85c03088b07bfcbbe969af0cbdde9bd26e69d8
- SHA256
  
  35f2ec59313bbe5b78e4b043f06f8961f6f3e77b870544d15ee7cc1fca987d8c
- SHA512
  
  3581aa74972f21bf22191181a9db68ec6db1071b153ee4a40519129b34c6be3cdbe32e3a65d4ad64f20bd224fb2d2f91e72139b250b69a0c80456f80a3c2cff5
- SSDEEP
  
  24576:drYB2BBDhQ0uQn65tmj83OA7IBgXOB6ycon/sl3O6mvV4:dhT+fhavA8BIfyF/st
Score

10^/10

bumblebee inst trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral7 behavioral8
- Target
  
  9570591e6b867c4f84aa74812957f13bc648ba7d2f1cbff9545005ededcb45f9
- Size
  
  1.6MB
- MD5
  
  e8b42b455ad5c4d250dd4fd42b227fc4
- SHA1
  
  b1407fe42481ab0a707bb2cb161ebdc00c55c513
- SHA256
  
  9570591e6b867c4f84aa74812957f13bc648ba7d2f1cbff9545005ededcb45f9
- SHA512
  
  821cdbad69ecdf13293b88ec89252503dc67c874f5b34859769cdd37047520ff13f818443aee53a7e8c1793c44f439de2ea0d09a74170ff0020bf0aaab93c4e3
- SSDEEP
  
  24576:tCqGvilxnZNLziKkRvfGbc7UxlG5BhC526U2Lo+1f0EN:tCD4Zyxa9lrDZ
Score

10^/10

bumblebee inst trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral10 behavioral9
- Target
  
  d6fd979020f6dd1d550b08fe33fec962359efe1479fca5a7d4240e9e05540cf0
- Size
  
  1.4MB
- MD5
  
  0432dc279cbe519e4a35c4b2dba8b0cd
- SHA1
  
  c65318792a607947dcf3ab889fe10de98139b6e3
- SHA256
  
  d6fd979020f6dd1d550b08fe33fec962359efe1479fca5a7d4240e9e05540cf0
- SHA512
  
  270cffa65df1006c67057310911033b8b4d67cb3d21233d65283502a594c7270b7780203476d5e95bd6923002c70cc527ccd961bc7adcfd45184638fa040d88c
- SSDEEP
  
  24576:VO2dVaRrhSk8Bhwm2z8f6ZzoIo9Zx/f9FwwxlXwP20/Yibi:yrEk8wm2Yf6Zdo9Zx/nrxROP/b+
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Suspicious use of NtCreateThreadExHideFromDebugger

BumbleBee

Suspicious use of NtCreateThreadExHideFromDebugger

BumbleBee

Suspicious use of NtCreateThreadExHideFromDebugger

BumbleBee

Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12