bumblebee | 9e7d2449b38c6184a40a25a940d5aad6b0b937a84b4ddeff270cac45438ae4de | Triage

Sharing

General

Target

91d29cfe549d8c7ade35f681ea60ce73a48e00c2f6d55a608f86b6f17f494d0d.zip
Size

913KB
Sample

240505-t741psfa8x
MD5

da70bb62b1aa8fc5e24b7726199c3ad8
SHA1

3ebc048812657bce6b75382099eed689873fe6f0
SHA256

9e7d2449b38c6184a40a25a940d5aad6b0b937a84b4ddeff270cac45438ae4de
SHA512

59baff923177fe3599383575c79e10871e14f06cdee8be34bc5fd5f4ee374e70ae0cfe043855a95cbc5723c5b87bf5806535fe2b039400e0c2b6fcd9ae9bda1d
SSDEEP

24576:t/dnJmIG9UGD1Tetxbb+O8ZbW0faEfwh/:tdJmIGmGhTIJbZ8dPfanh/

Score

10^/10

bumblebee 1508 execution loader

Malware Config

Extracted

Family

bumblebee

rc4.plain

Extracted

Family

bumblebee

Botnet

1508

C2

172.93.201.138:443

116.142.140.251:443

rc4.plain

Targets

- Target
  
  Quote.lnk
- Size
  
  1KB
- MD5
  
  4166dc23c9ffb1fe465288801da97ca9
- SHA1
  
  0e7319378d7cb33f123cd804630c7644384e8931
- SHA256
  
  940182dd2eaf42327457d249f781274b07e7978b62dca0ae4077b438a8e13937
- SHA512
  
  60d65cd412938bb55cd268ac81ba05e90790a12755b1d2bcdc351339dac88339b6851e1272716cb3dc3652900226b098b2c3b9b137bcc820510b65f36cb03aff
Score

10^/10

bumblebee 1508 execution loader
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1
- Target
  
  System Volume Information/WPSettings.dat
- Size
  
  12B
- MD5
  
  b4f3927793f1c57f7e54b58adb494166
- SHA1
  
  bd01fd729a0cc4af82aaef12e854bfc37d56315b
- SHA256
  
  47c3ccb835be708bec9cd198082ff3ba49ef7646274aed09a63f5184d6964ea3
- SHA512
  
  29998c6ab856ca36fe0cab15796b10cf3e0b2c3d656e65b96c699aa4a8f934415d1b5bb156309f7fe585a57379ddb5c17f9de330f8953238b86d4ef8a89b1511
Score

3^/10
behavioral2
- Target
  
  quotefile.ps1
- Size
  
  1.9MB
- MD5
  
  739eaf406607fa3efddb9c6c97cdba76
- SHA1
  
  bdb0575775a3447391b9d719e6d69c0e44549fd2
- SHA256
  
  d6cc3ac995484b99ed790b6f8ceb145492794eb5d01ec4a71123b9975e9bfd20
- SHA512
  
  80ccebc7f4ff3597031899973817acdb4c1638788aa37b536fcafb6cd03b2f6113d40527b2e7a7f49d4794f021c815f8dc85ac4fd372d40cde59da6db2769384
- SSDEEP
  
  24576:AzrIw+80AssR3D6UN6hzwbSVsi5MW94d5upIAMoIKAdqQb16:AwwahXsvWK1dj6
Score

10^/10

bumblebee 1508 execution loader
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee1508executionloader

behavioral2

behavioral3

bumblebee1508executionloader