bumblebee | e8fec6cb888d59401c00b0ba9dcdff2285a71c88ff82de1ede13766ecf2910b3 | Triage

Resubmissions

09-10-2023 22:51

231009-2svgqaba35 8

15-09-2023 13:25

230915-qn1bmaca6s 10

Sharing

General

Target

IN(11)-9-12-2023_258806.vbs
Size

1KB
Sample

230915-qn1bmaca6s
MD5

7b62afd1f1ec24823da003793e6e58be
SHA1

5220e8670f31beeb7233c88aa99fb5b623d067f0
SHA256

e8fec6cb888d59401c00b0ba9dcdff2285a71c88ff82de1ede13766ecf2910b3
SHA512

f3bc89c42a03c37ec8a5235b806226ddfa6444b04e6844fbce1d8281b75a6c65bb81dc14b39e7af16868a832814254883fb2dde983596c5da48deef9eff00d08

Score

10^/10

bumblebee js1 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

js1

rc4.plain

Targets

- Target
  
  IN(11)-9-12-2023_258806.vbs
- Size
  
  1KB
- MD5
  
  7b62afd1f1ec24823da003793e6e58be
- SHA1
  
  5220e8670f31beeb7233c88aa99fb5b623d067f0
- SHA256
  
  e8fec6cb888d59401c00b0ba9dcdff2285a71c88ff82de1ede13766ecf2910b3
- SHA512
  
  f3bc89c42a03c37ec8a5235b806226ddfa6444b04e6844fbce1d8281b75a6c65bb81dc14b39e7af16868a832814254883fb2dde983596c5da48deef9eff00d08
Score

10^/10

bumblebee js1 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bumblebeejs1trojan

behavioral3

bumblebeejs1trojan