General

  • Target

    IN(11)-9-12-2023_218082.vbs

  • Size

    1KB

  • Sample

    230913-yfgtbaee6t

  • MD5

    1be17a0ac48cab72a10836953c8186b0

  • SHA1

    d5bdf81792cc2434d49bae66b1cc60027220298c

  • SHA256

    e7407a0fe469fda07809db9a264e4c423d9f740344abca7675e9e78a9ede9f3c

  • SHA512

    38a7e2121975a5ef80db59d81f3bca3fe845f4072a7b068d09707690b851b5e41ccf899ca7ff732ccb770528b772cdc2efadecf9d5a7bd34678d1c00053038f5

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

js1

rc4.plain

Targets

    Score
    10/10
    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger
