bumblebee | 8c169aa9c23673c84cbea07e7ef8fdd7f2458856f8dfcdb5c1723e9a20a79b0d | Triage

Resubmissions

14-03-2024 12:52

240314-p38qwacd8v 10

14-03-2024 12:51

240314-p3p9jacd7w 7

Sharing

General

Target

sonveastrit.majohnerandf
Size

15KB
Sample

240314-p38qwacd8v
MD5

517affe6e5fe79afcf4f49cb46d8a3cc
SHA1

bb44562c59f77c63c1fa1fa28ba67d064eed2ad0
SHA256

8c169aa9c23673c84cbea07e7ef8fdd7f2458856f8dfcdb5c1723e9a20a79b0d
SHA512

81bb3f498baf5c012173a0dedd7981ed4747649f8dd010f4fa8d2f2b75ea574e337dd0306a7546307455bc02f0599f959e85ff041d8fbb7a42f5660a1f05f473
SSDEEP

384:j1pkU3o9kMw9bLSXfm96YPnA3AQzkkBRBYOC72lN:Ef9sLvAzxh

Score

10^/10

bumblebee asd1234 loader

Malware Config

Extracted

Family

bumblebee

Botnet

asd1234

rc4.plain

Targets

- Target
  
  sonveastrit.majohnerandf
- Size
  
  15KB
- MD5
  
  517affe6e5fe79afcf4f49cb46d8a3cc
- SHA1
  
  bb44562c59f77c63c1fa1fa28ba67d064eed2ad0
- SHA256
  
  8c169aa9c23673c84cbea07e7ef8fdd7f2458856f8dfcdb5c1723e9a20a79b0d
- SHA512
  
  81bb3f498baf5c012173a0dedd7981ed4747649f8dd010f4fa8d2f2b75ea574e337dd0306a7546307455bc02f0599f959e85ff041d8fbb7a42f5660a1f05f473
- SSDEEP
  
  384:j1pkU3o9kMw9bLSXfm96YPnA3AQzkkBRBYOC72lN:Ef9sLvAzxh
Score

10^/10

bumblebee asd1234 loader
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bumblebeeasd1234loader