#bumblebee #malware
Bumblebee sample

SHA1: e845d373bdbfad8c95c4eed2d56bd43649e1695a

https://bazaar.abuse.ch/sample/111884defe575650260a2eaab6c0fc2a3ebd3fbe4a9bf75bb56944a13f0aa009/

PWD Protected ZIP > ISO > LNK > BAT > DLL / EXE

C:\Windows\System32\cmd.exe /c navbar.bat

Starts process from LNK file and creates a scheduled task to install service.
Runs EXE from root of ProgramData.

SCHTASKS /create /tn "UpdateService" /tr "cmd.exe /c C:\programdata\YxurWe0fMb8Vi.exe C:\programdata\taxonomy.dll,cmfgutil" /sc hourly /mo 1 /sd 01/01/2022 /st 00:00
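
A detection sketch for the persistence step above, added here and not part of the original post: it flags `schtasks /create` command lines whose `/tr` action runs a file sitting directly in the root of ProgramData. The function names and sample lines are constructed for illustration; the first sample is the task from the post written with spaces between its switches.

```python
import re

# Value of the /tr switch; only the quoted form is handled here.
TR_RE = re.compile(r'/tr\s*"([^"]+)"', re.IGNORECASE)
# An EXE or DLL directly in the ProgramData root (no vendor subdirectory).
ROOT_FILE_RE = re.compile(
    r'[a-z]:\\programdata\\([^\\\s",]+?\.(exe|dll))(?![\w\\.])', re.IGNORECASE)


def programdata_root_targets(cmdline):
    """Return ProgramData-root files that a `schtasks /create` action runs."""
    if not re.search(r'\bschtasks(\.exe)?\b', cmdline, re.IGNORECASE):
        return []
    if not re.search(r'/create\b', cmdline, re.IGNORECASE):
        return []
    action = TR_RE.search(cmdline)
    if not action:
        return []
    return [hit.group(1) for hit in ROOT_FILE_RE.finditer(action.group(1))]


def scan(cmdlines):
    """Return (index, files) for every command line worth an analyst's look."""
    findings = []
    for index, line in enumerate(cmdlines):
        files = programdata_root_targets(line)
        if files:
            findings.append((index, files))
    return findings


# Constructed process-creation command lines (not real telemetry).
SAMPLES = [
    # The task from the post, spaces restored.
    r'SCHTASKS /create /tn "UpdateService" /tr "cmd.exe /c '
    r'C:\programdata\YxurWe0fMb8Vi.exe C:\programdata\taxonomy.dll,cmfgutil" '
    r'/sc hourly /mo 1 /sd 01/01/2022 /st 00:00',
    # Benign-looking updater living in a vendor subdirectory: not flagged.
    r'schtasks /create /tn "VendorUpdate" /tr '
    r'"C:\ProgramData\Vendor\updater.exe /silent" /sc daily',
    # Query only, nothing is created: not flagged.
    r'schtasks /query /tn "UpdateService"',
]

if __name__ == "__main__":
    for index, files in scan(SAMPLES):
        print(f"sample {index}: scheduled task runs {files} from ProgramData root")
```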
