bumblebee | df5305461ba047695b80cf13da306677737724bf2e45b249bba0a5d0d7d57b15 | Triage

Sharing

General

Target

5hzkjlg864.zip
Size

620KB
Sample

231014-eb7pdsge99
MD5

8ddd8a831a271d295704f99d4c0ded6e
SHA1

a6dcbc1219de4a1192e9f7e29c0eb409dffbb74c
SHA256

df5305461ba047695b80cf13da306677737724bf2e45b249bba0a5d0d7d57b15
SHA512

91896469ae7007bf2d2720bd0321e9c102af195e98a2ca590b4580b559e15563d85e449b6d367481a171badee593303d428394b8412de4e6621d8dd0007dcc6e
SSDEEP

12288:ZhQhrFSUWEKlbahCdGxaxVpu790D9hfQbZo2L/9u2tnmhxBgG9f3/:ZhQ5FWvbL6ar60D9hco2LFFmh5Vv

Score

10^/10

bumblebee js1 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

js1

rc4.plain

Targets

- Target
  
  5hzkjlg864.dll
- Size
  
  1.1MB
- MD5
  
  946ff48f5b0f50a5501979347e8a411f
- SHA1
  
  407e18f76b337fe146b100c2a330ab7b5844c6ed
- SHA256
  
  35105efb993284937212530ebf3625f532dfb9b00b73409c266ad380d0665b4f
- SHA512
  
  d06328b0c92cd6237758d27060ab8a2b9b230454f194bb434c39945a5670b6ea8505109a6c3ea739758c5f26c0dbc400d1e1620695d812d687bd25fce54eba8e
- SSDEEP
  
  24576:bQAzTZH7ALVi4S8lvHV40phqqOCx/ZDAwPM:1zTZHE5rt9
Score

10^/10

bumblebee js1 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bumblebeejs1trojan

behavioral2

bumblebeejs1trojan