General

  • Target

    c56f106025e1853958f0745516c0b88f.bin

  • Size

    287KB

  • Sample

    230523-ca9fgsdd58

  • MD5

    d943632adee6fcbe8e1cac6baf7137f6

  • SHA1

    1645bef86e50835b7a2c3a828947bea056377cd7

  • SHA256

    5d2301553fff23a5727f55efadd8a28905f1ca8cc9ec8aa7a4b2f06ab66d0093

  • SHA512

    8edfe99928d9497654b4baa556c83940883096af9738e925b09a24f924f007b9c2a6280f1bd06db7c33225d7261fdf5469882ec772862ce0bd4a773196dcc9ed

  • SSDEEP

    6144:S7Zv27Uoi5bEDBkE7ieanNcekO0oFxAUJlz/EgNSqPY1Kl:OZveUjEDBHiNNzkCxAalrE/qPB

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

mc1905

C2

92.119.178.40:443

32.54.188.44:443

194.135.33.160:443

192.198.82.59:443

103.175.16.151:443

rc4.plain

Targets

    • Target

      bcd9b7d4ca83e96704e00e378728db06291e8e2b50d68db22efd1f8974d1ca91.js

    • Size

      772KB

    • MD5

      c56f106025e1853958f0745516c0b88f

    • SHA1

      f3506be345eafb653e2c2c18410b8c4f5d1a2c26

    • SHA256

      bcd9b7d4ca83e96704e00e378728db06291e8e2b50d68db22efd1f8974d1ca91

    • SHA512

      facf6c8c5690209c1c905f96da1f6ef1ad8b86ab752e8714e73ae48781ff8bfec17813816862fe5d75a96d7c316c083d46e27accf4685e060c6555e882e24278

    • SSDEEP

      24576:93vle/E45Mk2h1K3G9EhRe4jEER9Fwf8TxzM34LM9gkIy9ByxZO9TLd8wDNGOi5t:plZ45Mk2h1aG9EhRe4jEy9Fwf8TxzM3s

    Score
    10/10
    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v6