bumblebee | 9a149522394b1718586436d43d72a9c9fece1f5c63478b6045b99421a35afecb | Triage

Sharing

General

Target

9a149522394b1718586436d43d72a9c9fece1f5c63478b6045b99421a35afecb.exe
Size

1.0MB
Sample

241208-xpff6sxjhn
MD5

63f8c02fa87e750af09aad4f48b1aa4b
SHA1

f6554c45d574e960ed5f262779ff5aaeb928384e
SHA256

9a149522394b1718586436d43d72a9c9fece1f5c63478b6045b99421a35afecb
SHA512

017adaaf9791fd90906f2f0f7e713bd0ed48075cc2838247d730ef9411a0089f98fc6ad33d0813367dff486bb27e4a5fe4c8123f887f36deddd0f3f986a235e0
SSDEEP

24576:dTOm8Acqmr0tSEud7LgCgF1ZlPluqzGfGhu7h:dzcZotSwCgHEqzG+4

Score

10^/10

bumblebee 132lg loader

Malware Config

Extracted

Family

bumblebee

Botnet

132lg

C2

205.185.113.34:443

103.144.139.146:443

23.106.223.222:443

95.168.191.248:443

23.106.223.182:443

146.70.29.237:443

rc4.plain

Targets

- Target
  
  9a149522394b1718586436d43d72a9c9fece1f5c63478b6045b99421a35afecb.exe
- Size
  
  1.0MB
- MD5
  
  63f8c02fa87e750af09aad4f48b1aa4b
- SHA1
  
  f6554c45d574e960ed5f262779ff5aaeb928384e
- SHA256
  
  9a149522394b1718586436d43d72a9c9fece1f5c63478b6045b99421a35afecb
- SHA512
  
  017adaaf9791fd90906f2f0f7e713bd0ed48075cc2838247d730ef9411a0089f98fc6ad33d0813367dff486bb27e4a5fe4c8123f887f36deddd0f3f986a235e0
- SSDEEP
  
  24576:dTOm8Acqmr0tSEud7LgCgF1ZlPluqzGfGhu7h:dzcZotSwCgHEqzG+4
Score

10^/10

bumblebee 132lg loader
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Bumblebee family
  bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bumblebee132lgloader

behavioral2

bumblebee132lgloader