Analysis

  • max time kernel
    0s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20220812-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    17-08-2022 22:38

General

  • Target

    bb.dll

  • Size

    1.1MB

  • MD5

    da6feac8dff2a44784be3d078f2d4ac3

  • SHA1

    c0f43d1d3e87b0e8b86b4b9e91cb55b4a1893b48

  • SHA256

    9bd9da44cc2d259b8c383993e2e05bbe1bcdac917db563b94e824b4b1628e87c

  • SHA512

    920b1ae2a1b33d7e6ece0524ced736ec0c03a8a8b6dea6efb6496ea429195d65cdd854879c62f6c17301613baa2d884199c5f197ef98610b330ef0d1e605980f

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

1608

C2

121.170.127.19:425
218.133.76.148:154
72.121.117.129:498
162.96.106.119:383
25.224.94.213:269
82.155.216.93:249
139.77.66.126:493
108.174.194.151:443
35.139.238.97:273
73.29.113.233:420
51.77.41.66:443
235.148.133.249:357
95.169.164.122:281
148.139.101.182:193
165.129.149.198:473
62.210.69.227:117
226.38.28.172:414
232.222.204.156:299
235.200.212.246:168
132.252.111.96:215

Note: 226.38.28.172, 232.222.204.156, 235.148.133.249 and 235.200.212.246 fall inside the 224.0.0.0/4 multicast range. No host can accept a TCP connection on a multicast address, so these entries cannot be live C2 endpoints and the extracted list should be filtered before it is turned into blocklist or hunt indicators.

rc4.plain
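The extracted C2 list above is only useful as an indicator set once the non-routable entries are removed. The following is an added example, not part of the sandbox report: it parses the `ip:port` lines exactly as they appear in the config dump (copied inline as constructed input) and buckets each address with Python's standard `ipaddress` module, checking multicast explicitly rather than relying on `is_global`, whose multicast handling differs between Python versions.

```python
"""Classify a sandbox-extracted C2 list before using it as IOCs."""
import ipaddress
import re

# Constructed input: the C2 entries from the report, one per line.
C2_TEXT = """
121.170.127.19:425
218.133.76.148:154
72.121.117.129:498
162.96.106.119:383
25.224.94.213:269
82.155.216.93:249
139.77.66.126:493
108.174.194.151:443
35.139.238.97:273
73.29.113.233:420
51.77.41.66:443
235.148.133.249:357
95.169.164.122:281
148.139.101.182:193
165.129.149.198:473
62.210.69.227:117
226.38.28.172:414
232.222.204.156:299
235.200.212.246:168
132.252.111.96:215
"""

# One "dotted-quad:port" entry per line; anything else is ignored.
_ENTRY = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_c2(text):
    """Return (ip, port) tuples for well-formed lines; skip blanks and junk."""
    entries = []
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if not m:
            continue
        ip, port = m.group(1), int(m.group(2))
        try:
            ipaddress.IPv4Address(ip)      # rejects octets > 255
        except ValueError:
            continue
        if 0 < port < 65536:
            entries.append((ip, port))
    return entries


def classify(ip_str):
    """Bucket an IPv4 address; multicast is checked first and explicitly."""
    ip = ipaddress.ip_address(ip_str)
    if ip.is_multicast:
        return "multicast"     # 224.0.0.0/4: no host listens here
    if ip.is_reserved:
        return "reserved"      # 240.0.0.0/4
    if ip.is_loopback or ip.is_link_local or ip.is_private:
        return "non-routable"
    return "routable"


def triage_c2(text):
    """Group every parsed C2 entry by bucket, keeping the ip:port form."""
    result = {"routable": [], "multicast": [], "reserved": [], "non-routable": []}
    for ip, port in parse_c2(text):
        result[classify(ip)].append(f"{ip}:{port}")
    return result


if __name__ == "__main__":
    for bucket, items in triage_c2(C2_TEXT).items():
        print(f"{bucket:13s} {len(items):2d}  {' '.join(items)}")
```

Only the `routable` bucket belongs in a blocklist or a network-hunt query; the `multicast` bucket is evidence that the list as extracted contains entries that were never meant to be reachable.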

Signatures

  • BumbleBee

    BumbleBee is a loader (downloader) malware written in C++.

  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

    A thread created through NtCreateThreadEx with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER (0x4) generates no debug events for an attached debugger, so the analyst never sees it start or break; this is an anti-analysis technique, not normal application behaviour.

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb.dll,#1
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:1520
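The process entry above (rundll32 loading a DLL from the user's Temp directory and calling it by export ordinal `#1`) is a common loader launch pattern worth hunting for. The following is an added example, not part of the sandbox report: a small detection over constructed process-creation command lines (the first mirrors the report's entry; the rest are made up as contrast cases). It parses the rundll32 argument into module path and export, and flags the combination of an ordinal export with a module in a user-writable location.

```python
"""Hunt for rundll32 launching a DLL from a user-writable path by ordinal."""
import re

# Constructed sample command lines (not taken from any real log).
SAMPLE_CMDLINES = [
    r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb.dll,#1",
    r"C:\Windows\System32\rundll32.exe shell32.dll,Control_RunDLL desk.cpl",
    r'rundll32.exe "C:\Users\Admin\Downloads\setup.dll",#3',
    r"rundll32.exe C:\Windows\System32\dfshim.dll,ShOpenVerbApplication",
    r"notepad.exe C:\Users\Admin\Desktop\notes.txt",
]

# rundll32[.exe] <module>,<export>; module may be quoted, export is #N or a name.
_RUNDLL = re.compile(
    r'(?:^|\\)rundll32(?:\.exe)?\s+(?P<mod>"[^"]+"|[^\s,]+),(?P<exp>#\d+|[\w@?$]+)',
    re.IGNORECASE,
)
# Directories an unprivileged user can write to.
_USER_WRITABLE = re.compile(r"\\(?:Users|ProgramData|Temp)\\", re.IGNORECASE)


def parse_rundll32(cmdline):
    """Return module/export details for a rundll32 command line, else None."""
    m = _RUNDLL.search(cmdline)
    if not m:
        return None
    module = m.group("mod").strip('"')
    export = m.group("exp")
    return {
        "module": module,
        "export": export,
        "ordinal": export.startswith("#"),
        "user_writable": bool(_USER_WRITABLE.search(module)),
    }


def is_suspicious(cmdline):
    """Flag ordinal exports called on a DLL sitting in a user-writable path."""
    info = parse_rundll32(cmdline)
    return bool(info and info["ordinal"] and info["user_writable"])


def hunt(cmdlines):
    """Return the command lines that match the suspicious pattern."""
    return [c for c in cmdlines if is_suspicious(c)]


if __name__ == "__main__":
    for hit in hunt(SAMPLE_CMDLINES):
        print("SUSPICIOUS:", hit)
```

Legitimate rundll32 use almost always names an export (`Control_RunDLL`, `ShOpenVerbApplication`) on a DLL under `\Windows\`; requiring both the ordinal and the user-writable path keeps the rule from firing on that traffic while still catching the `Temp\bb.dll,#1` launch seen here.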

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1520-54-0x0000000000480000-0x0000000000595000-memory.dmp

    Filesize

    1.1MB