General

  • Target

    patched.dll

  • Size

    1.1MB

  • Sample

    220817-2fgp4adfck

  • MD5

    6ac69893d567fb27c380543348ad48c7

  • SHA1

    9c34fd73f90ba4ca9eae329b0708ac870dea5f40

  • SHA256

    9b2c2d78ed4fce7e637174f95b77ceee22a9023c563fd396be6cf2c419b2847b

  • SHA512

    110dff2a00e15477568571e08a365c51665cc0420846da277781476070cc440625b012a448e32c4fa89babd1dd70a840262a92b77663e55302143037cbbc4a7d

  • SSDEEP

    24576:AYma2+MNU4NemNEfD/1npU9vsxR1RVOFRBDHne:QNUxmOfD/1nyidRVOnBDHn

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

1608

C2


rc4.plain

Targets

    • Target

      patched.dll

    • Size

      1.1MB


    Score
    5/10
    • Suspicious use of NtCreateThreadExHideFromDebugger
