bumblebee | samplefixed[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

samplefixed.bin
Size

804KB
MD5

fed811d5c47f21d8890b5a1e6b91101e
SHA1

736b802b7b9b0a0f1342fbb6b2f79070276419b6
SHA256

6c5318c0149780c1c6806490a2343f442062fff04c95962ef56be00098d5287d
SHA512

02d108526b2a068a0062e9f92d7493a9204fb0f961b6abcd1e8106ac6a48e99d005b16a36622cd452e16a225bd972b411014e26686b1fc90f8e3eb75c53e39eb
SSDEEP

12288:iipvTLaZ+ZyRY2POCN2zPj77ejZYEc6QfAAovISc+kfkSQkh:iipvTOZ+uPOC8H7KYEc6Qf9uo+ksSQ

Score

10^/10

1105a bumblebee

Malware Config

Extracted

Family

bumblebee

Botnet

1105a

142.11.222.79:443

23.254.224.200:443

103.175.16.52:443

199.195.252.30:443

rc4.plain

Signatures

Bumblebee family
bumblebee

Files

samplefixed.bin
.dll windows x64

23ef69b19204b704365863cbed9a810e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertCreateCertificateChainEngine

secur32

InitSecurityInterfaceA

kernel32

SetEvent
TerminateThread
GetCurrentProcessId
CreateEventA
SetWaitableTimer
TlsSetValue
VerifyVersionInfoA
SetLastError
EnterCriticalSection
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateEventW
FormatMessageW
TlsAlloc
QueueUserAPC
CreateWaitableTimerA
LocalFree
DeleteCriticalSection
VerSetConditionMask
WideCharToMultiByte
SleepEx
TlsGetValue
TlsFree
FormatMessageA
CreateIoCompletionPort
ReadFile
SetHandleInformation
WriteFile
TerminateProcess
CreatePipe
CreateProcessA
FileTimeToSystemTime
LoadLibraryW
GetLocalTime
GetProcAddress
SystemTimeToFileTime
GetModuleHandleW
GetCurrentProcess
Thread32Next
Thread32First
GetModuleHandleA
OpenProcess
LoadLibraryA
VirtualProtectEx
OpenThread
MultiByteToWideChar
GetModuleFileNameW
SetFilePointer
lstrlenA
CreateFileW
lstrcmpA
VirtualAlloc
HeapFree
CreateFileA
HeapReAlloc
HeapAlloc
GetFileSize
GetLastError
VirtualQuery
lstrcpyA
Wow64DisableWow64FsRedirection
ExpandEnvironmentStringsW
Wow64RevertWow64FsRedirection
GetWindowsDirectoryW
GlobalMemoryStatusEx
VerifyVersionInfoW
GetFileAttributesW
Process32NextW
Process32FirstW
GetStdHandle
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
SetFilePointerEx
HeapSize
GetConsoleMode
Sleep
lstrcatA
CreateDirectoryA
GetFileAttributesA
GetModuleFileNameA
CloseHandle
CreateToolhelp32Snapshot
WaitForSingleObject
GetConsoleCP
FlushFileBuffers
SetStdHandle
ResetEvent
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
FindNextFileA
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
GetSystemTimeAsFileTime
QueryPerformanceFrequency
QueryPerformanceCounter
RaiseException
DecodePointer
EncodePointer
RtlPcToFileHeader
GetProcessHeap
FindFirstFileExA
FindClose
GetOEMCP
IsValidCodePage
OutputDebugStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ExitProcess
GetACP
WriteConsoleW
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
FreeLibrary
RtlUnwindEx
InterlockedFlushSList
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind

user32

FindWindowW
wsprintfW

advapi32

LookupPrivilegeValueA
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetUserNameW

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

SafeArrayGetUBound
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
SysFreeString
SysAllocString
VariantClear
VariantInit

mpr

WNetGetProviderNameW

iphlpapi

GetAdaptersInfo

ws2_32

WSASetLastError
select
WSASend
WSASocketW
WSAGetLastError
setsockopt
getaddrinfo
ioctlsocket
freeaddrinfo
getsockopt
WSARecv
WSACleanup
connect
closesocket
WSAStartup

shlwapi

PathCombineW
StrCmpIW
StrChrA
StrStrIW
StrToIntA

Exports

Exports

aCmHmjrptS
SetPath

Sections

.text
Size: 436KB - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

23ef69b19204b704365863cbed9a810e

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

secur32

kernel32

user32

advapi32

shell32

ole32

oleaut32

mpr

iphlpapi

ws2_32

shlwapi

Exports

Exports

Sections

.text Size: 436KB - Virtual size: 436KB

.rdata Size: 216KB - Virtual size: 215KB

.data Size: 71KB - Virtual size: 94KB

.pdata Size: 26KB - Virtual size: 25KB

.gfids Size: 512B - Virtual size: 504B

.tls Size: 5KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 436KB - Virtual size: 436KB

.rdata
Size: 216KB - Virtual size: 215KB

.data
Size: 71KB - Virtual size: 94KB

.pdata
Size: 26KB - Virtual size: 25KB

.gfids
Size: 512B - Virtual size: 504B

.tls
Size: 5KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB