bumblebee | dbe4bfcec54587629aff611def62a726d0faae2ac3d1603b10b2bb477eb358e3 | Triage

Sharing

General

Target

d9060dfa2592d33946220f9a80864f50d11f680ba5f7774e81fc43879a848c60.zip
Size

727KB
Sample

241129-p2zftawmes
MD5

6e9fde86f1ebc90f06cb984651d843e5
SHA1

5dbf7d3fe3245045827a3daf9ae31bdd0f44195c
SHA256

dbe4bfcec54587629aff611def62a726d0faae2ac3d1603b10b2bb477eb358e3
SHA512

7119efad08b396bfabe6051cb3f7687617fda9c33c2fd9f1aa3393ea32b5fb4d329fdce75e686d684a67dfedc80871f8b9a86a932a66e2369df75d9f92fddde9
SSDEEP

12288:lbqn8OCcQ3d8MEZTb2YuX9/1QBD8I8+GfRwIdf4q+1/Rw38+FSRPD7bqCafFPCjh:McdbEZTiYAAc+u1fMNO3D4PnbsfM

Score

10^/10

bumblebee 0411 loader

Malware Config

Extracted

Family

bumblebee

Botnet

0411

C2

192.119.120.146:443

54.37.131.10:443

146.70.139.252:443

rc4.plain

Targets

- Target
  
  DKyVKmgVSvviRl.bat
- Size
  
  1KB
- MD5
  
  a3278817a228bfe014efa23c1f5ea606
- SHA1
  
  577b3550e9fae158aa5020c0e2eec4159657b261
- SHA256
  
  b00a6c38740aece0bf52e3ae04523ed03009908353709de8463580bb628c2c1e
- SHA512
  
  c74a1feac03c9a0cf7d9e53547cde5df06bafdde73d1bf1f289c42c9deb23c269f6a732a3de095e4f579b320adc7cd18568565c437f4d1b8db0ec3d2aedd269e
Score

10^/10

bumblebee 0411 loader
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Bumblebee family
  bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  aMLjTIhBvevLGx.dll
- Size
  
  997KB
- MD5
  
  59dc887601cbaaead82bfe63e5e38340
- SHA1
  
  77f4828ed6eaf990c2d3e50c0b6f041519d52a2d
- SHA256
  
  54752a51b0024f0cf90d7cab52f97cc7798fd5bda8e03b9ade44ee45638dbe8e
- SHA512
  
  041fb2a37793630683cdfbe7538fc6a44d4550a21b67df3b24147d72001d01d3898c79db210311aebd913854cb3647de23b2599e945a9ef3004906c68bf0d714
- SSDEEP
  
  24576:gOaBNP2MOnriAaG4tmHjf6wv2nybJpxm9EsYqdwu:gOaH2MOrf/4tQ3J7mcq
Score

1^/10
behavioral3 behavioral4
- Target
  
  details.lnk
- Size
  
  995B
- MD5
  
  318e9e89ec41466076292116a0e97880
- SHA1
  
  74a79d98c63ecb86c69bcd0346a346f1e4f85626
- SHA256
  
  ea1d322b8acea3e0d92846895391f96123f54fa1eb641b42a29ddd4b856b3065
- SHA512
  
  45151567ff4a7b810ebb6995c09038c06cc1dad08dc197a02ae2a705e46bcafeb3a080a706a39f5b272d3b88332c3524ebbc7c4bc7f1bb4e32a09c859e4aee18
Score

10^/10

bumblebee 0411 loader
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Bumblebee family
  bumblebee
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee0411loader

behavioral2

bumblebee0411loader

behavioral3

behavioral4

behavioral5

bumblebee0411loader

behavioral6

bumblebee0411loader