bumblebee | 00ec8f3900336c7aeb31fef4d111ee6e33f12ad451bc5119d3e50ad80b2212b0 | Triage

Sharing

General

Target

Inv(05-19)Copy#17-42-47.js
Size

764KB
Sample

230519-wbzgfsfa73
MD5

b0a6293b17d888d5bbb00a2eec43bedd
SHA1

72ab1b2ab9e390ea842730aa78ed1d26561fdca2
SHA256

00ec8f3900336c7aeb31fef4d111ee6e33f12ad451bc5119d3e50ad80b2212b0
SHA512

d8c8bf15ab301fa25461a96add2d94fb799220390a358cad31bbd8ad4df41d2ff4f6ccead5129d24b5592cfa3d9230a32394f89318bc53cfe540fc6b27557d51
SSDEEP

12288:qo3Npw3bC42p8hQbShsCO8j5o08jGd963H+Y5a5zn75H5ZC5aerQM+ZzFWX8lLG2:qo3nIApkQbSX5jS08qdkn5azn715ZC58

Score

10^/10

bumblebee mc1905 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

mc1905

C2

92.119.178.40:443

32.54.188.44:443

194.135.33.160:443

192.198.82.59:443

103.175.16.151:443

rc4.plain

Targets

- Target
  
  Inv(05-19)Copy#17-42-47.js
- Size
  
  764KB
- MD5
  
  b0a6293b17d888d5bbb00a2eec43bedd
- SHA1
  
  72ab1b2ab9e390ea842730aa78ed1d26561fdca2
- SHA256
  
  00ec8f3900336c7aeb31fef4d111ee6e33f12ad451bc5119d3e50ad80b2212b0
- SHA512
  
  d8c8bf15ab301fa25461a96add2d94fb799220390a358cad31bbd8ad4df41d2ff4f6ccead5129d24b5592cfa3d9230a32394f89318bc53cfe540fc6b27557d51
- SSDEEP
  
  12288:qo3Npw3bC42p8hQbShsCO8j5o08jGd963H+Y5a5zn75H5ZC5aerQM+ZzFWX8lLG2:qo3nIApkQbSX5jS08qdkn5azn715ZC58
Score

10^/10

bumblebee mc1905 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebeemc1905trojan

behavioral2