General

  • Target

    Inv(05-19)Copy#10-44-05.js

  • Size

    777KB

  • Sample

    230520-nn9tyseg3t

  • MD5

    2f9a34e5769063b7357414e4158d7831

  • SHA1

    8c67c7646ce4b085c6f45863a9d0e38742cd688e

  • SHA256

    07d2cb0dc0cd353fb210b065733743078e79c4a27c42872cd516a6b1fb1f00d1

  • SHA512

    6c71c761fad3319d46852381e05cb35100132c5ba44ac986439cb327d5d9d4b1a83a88cb84d95e192df893a93e53aa73a08127267cd0a3b82a23f57da8c7858e

  • SSDEEP

    24576:63BAIiUtmsPkFUcZnGVVTiEKMqSFcpNSXpNiELOjoEzZcQlGzJpxuJNM3cBFWUQo:hwmsPkqknQVTiEKMqSFcpQXpNiELOjoe

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

mc1905

C2

92.119.178.40:443

32.54.188.44:443

194.135.33.160:443

192.198.82.59:443

103.175.16.151:443

rc4.plain

Targets

    • Target

      Inv(05-19)Copy#10-44-05.js

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v6
