bumblebee | 212bddfe0446f5f5037d8452bb9f4fad2823502917546811a97d6b4c555d5ad6 | Triage

Resubmissions

21-06-2023 13:07

230621-qcx25ahe88 10

20-06-2023 06:50

230620-hly2sabg3s 3

Sharing

General

Target

1fb0c8b5d8ef25661fb0f89d676e2e49.dll.exe
Size

1.2MB
Sample

230621-qcx25ahe88
MD5

1fb0c8b5d8ef25661fb0f89d676e2e49
SHA1

1b284a2b2ab3c733603a702320d9c55c3b74bd91
SHA256

212bddfe0446f5f5037d8452bb9f4fad2823502917546811a97d6b4c555d5ad6
SHA512

a8033e6c6beac49a166f500b9991bfcff43be42d6579062ffd11f147a3c016ccb1f2de9b217f18e4ba00dd6acd0d9a8e898666acd885344e37cabc9b4ad297a3
SSDEEP

24576:V88Kjwqgo6dmg6XKZz0AUfOwZbB2aBnRLI151E/BgXRzyCF7z7vb:u7+ZU3TODE/CdPb

Score

10^/10

bumblebee mc1905 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

mc1905

C2

92.119.178.40:443

32.54.188.44:443

194.135.33.160:443

192.198.82.59:443

103.175.16.151:443

rc4.plain

Targets

- Target
  
  1fb0c8b5d8ef25661fb0f89d676e2e49.dll.exe
- Size
  
  1.2MB
- MD5
  
  1fb0c8b5d8ef25661fb0f89d676e2e49
- SHA1
  
  1b284a2b2ab3c733603a702320d9c55c3b74bd91
- SHA256
  
  212bddfe0446f5f5037d8452bb9f4fad2823502917546811a97d6b4c555d5ad6
- SHA512
  
  a8033e6c6beac49a166f500b9991bfcff43be42d6579062ffd11f147a3c016ccb1f2de9b217f18e4ba00dd6acd0d9a8e898666acd885344e37cabc9b4ad297a3
- SSDEEP
  
  24576:V88Kjwqgo6dmg6XKZz0AUfOwZbB2aBnRLI151E/BgXRzyCF7z7vb:u7+ZU3TODE/CdPb
Score

10^/10

bumblebee mc1905 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bumblebeemc1905trojan

behavioral2