In late March 2022, a new malware dubbed "Bumblebee" was discovered and reported to be distributed in phishing campaigns carrying ISO files, which eventually drop the DLL files that contain the Bumblebee malware itself.

This deployment technique is not new; several other malware families have already been observed using it, most notably BazarLoader and IcedID. Also, like those families, Bumblebee was observed delivering the Cobalt Strike framework.

From a threat research perspective, what makes this malware interesting is that it was associated with the Conti ransomware group as one of the group's loaders. In the past, Conti's traditional loaders were Trickbot, BazarLoader, and Emotet, so it was quite intriguing to inspect this malware closely.

In this article, I will present a code analysis of the Bumblebee malware. Due to the malware's large size I will obviously not cover everything, and will focus on the parts that I find most interesting in terms of capabilities. One of my favorite topics in malware research is the ways malware avoids detection, so I will put extra emphasis on this subject as well.

Lastly, I divided the entire article into three parts; the table of contents is the following: