General
Target: doc_06.20.msi
Size: 2.2MB
Sample: 231009-2sxxvaha2s
MD5: 41f1f58087ac8ca8009d07032bf4319f
SHA1: 8ab6be5ac1e70f9cf1a970e4a7b2c53f29dac067
SHA256: 38c37a12323334e8362d19f6788755fc5ba35f51b9f53a07ef5481f906807864
SHA512: 0c60361265f062afeab7f03e648da982050fa58b86bdf90d972b2a936a5c316cb45c6d696a106f18797e2d9810ace6ca12a13703be4cbaf618c50f3e4d4ba359
SSDEEP: 49152:QHVNAxnHKwlpMBHOZ7wZAf8dwjeZvpA+ZSqfShYNUeCMziwF:Q12xHKwlpOH00dw0pFsbJZA
Static task: static1
Behavioral task: behavioral1
Sample: doc_06.20.msi
Resource: win7-20230831-en
Malware Config
Extracted
bumblebee
msi11606
176.111.174.67:443
Targets
-
-
Target
doc_06.20.msi
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-