bumblebee | f5cbfffa43e8280cd9b68bea2c612adb5aa47fe802d28db48dfd1d9291f4ad71 | Triage

Resubmissions

19-05-2023 17:41

230519-v9swwsfa67 10

19-05-2023 17:27

230519-v1pg4shg3z 3

Sharing

General

Target

f5cbfffa43e8280cd9b68bea2c612adb5aa47fe802d28db48dfd1d9291f4ad71
Size

1.2MB
Sample

230519-v9swwsfa67
MD5

7fd8bdc919af08976d6d7eb800015ade
SHA1

3ab4d86f12c9efad4f5e17cd0163724e8b77e8aa
SHA256

f5cbfffa43e8280cd9b68bea2c612adb5aa47fe802d28db48dfd1d9291f4ad71
SHA512

c17af8f706dba273e91046961f8a4855ab49603f8dec9360074c0a4bb0a429f3c24821f0665cb80a6d194f5e8a45a3c5dad890d9fa5c7c8571ea0af1296977f2
SSDEEP

24576:5XK6ZFu5DoLYiLgBoAFvEAvxm4i0uuxhJV8e11g:RS4/AFGe4

Score

10^/10

bumblebee mc1905 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

mc1905

C2

92.119.178.40:443

32.54.188.44:443

194.135.33.160:443

192.198.82.59:443

103.175.16.151:443

rc4.plain

Targets

- Target
  
  f5cbfffa43e8280cd9b68bea2c612adb5aa47fe802d28db48dfd1d9291f4ad71
- Size
  
  1.2MB
- MD5
  
  7fd8bdc919af08976d6d7eb800015ade
- SHA1
  
  3ab4d86f12c9efad4f5e17cd0163724e8b77e8aa
- SHA256
  
  f5cbfffa43e8280cd9b68bea2c612adb5aa47fe802d28db48dfd1d9291f4ad71
- SHA512
  
  c17af8f706dba273e91046961f8a4855ab49603f8dec9360074c0a4bb0a429f3c24821f0665cb80a6d194f5e8a45a3c5dad890d9fa5c7c8571ea0af1296977f2
- SSDEEP
  
  24576:5XK6ZFu5DoLYiLgBoAFvEAvxm4i0uuxhJV8e11g:RS4/AFGe4
Score

10^/10

bumblebee mc1905 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bumblebeemc1905trojan

behavioral2

bumblebeemc1905trojan