“Bumblebee,” a relatively recent custom malware downloader that appears to have been used by many criminal groups, has been investigated by cybersecurity firms. Bumblebee is written in C++ and consists primarily of a single function responsible for initialization, response handling, and request sending.
The downloader’s configuration is currently kept in plaintext, although its creators may use obfuscation in the future. Once executed on a victim workstation, the threat collects information about the system and then communicates with the Command and Control (C&C) server.
Payloads are most likely deployed manually, judging by how long it takes Bumblebee to receive jobs to perform. Bumblebee also has anti-VM and anti-sandbox checks, as well as a randomised sleep time and an encryption layer for network communications in the most recent version.