Bumblebee is an advanced, evasive malware loader used to stage Conti and other ransomware payloads.
Bumblebee is spread through sophisticated spear-phishing emails containing a hyperlink to a URL that fingerprints the victim's machine before serving a compatible build of the Bumblebee loader packaged as an ISO image. When a user mounts the ISO and launches its contents, the Bumblebee loader is unpacked and establishes command-and-control (C2) communication with an external server.
Bumblebee implements five commands: shellcode injection (Shi), DLL injection (Dij), download and run an executable (Dex), uninstall the loader (Sdl), and enable persistence (Ins). These commands let Bumblebee deliver a variety of follow-on malware to infected machines.
Bumblebee was first observed in March 2022 and has since replaced BazarLoader, quickly assuming a central position in the cybercrime ecosystem.