Analysis

  • max time kernel
    45s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20220901-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    01-09-2022 17:45

General

  • Target

    bum_0109.dll

  • Size

    1.1MB

  • MD5

    7505f06d4c671c572f550cba3d34e2ea

  • SHA1

    e59a8fd2d359443e11f94417f53cc9333dd8cfc7

  • SHA256

    34781ec029c522322a117d0aee0de90eb6bb9f80f2c640c84f16ec6809f5723a

  • SHA512

    5320d4fcd16088e42950907fa9109d0e7b8472676b8bd080d9e481ba6114c053ccbafa16122b4e6142ea2fe31ef05413f1a4094bb4d31597278ba7c053076e25

  • SSDEEP

    24576:9x2ubccfCEN1Wpv9hOQn7G9Zx/tGggFQhrxtxcZfeoO:RTCyWN9QQnq9Zx/ZgShrxtyfeo

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

0109

C2

217.112.111.163:374

199.128.166.154:140

62.217.108.163:315

232.253.120.235:386

169.238.137.193:236

239.251.156.113:460

196.74.172.19:193

244.25.44.67:365

34.239.32.188:367

9.8.182.200:421

55.50.175.136:247

104.11.216.173:422

74.158.154.0:359

168.70.90.68:318

45.147.230.233:443

93.161.137.130:254

146.19.173.173:443

214.207.72.239:329

198.98.52.145:443

166.225.211.15:309

rc4.plain
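Not every host:port pair in an extracted BumbleBee config is reachable: three of the twenty entries above sit in multicast (224.0.0.0/4) or reserved (240.0.0.0/4) address space and cannot be contacted over the internet, so they should not be blocked or hunted for as if they were live infrastructure. The following Python is an added sanity check, not part of the Triage report; it takes the C2 list exactly as shown above and separates routable entries from ones that cannot be reached. Whether an unreachable entry is deliberate padding or extraction noise is left to the analyst; the code only reports what cannot be routed.

```python
import ipaddress

# C2 list copied verbatim from the extracted config above (host:port).
C2_LIST = """
217.112.111.163:374
199.128.166.154:140
62.217.108.163:315
232.253.120.235:386
169.238.137.193:236
239.251.156.113:460
196.74.172.19:193
244.25.44.67:365
34.239.32.188:367
9.8.182.200:421
55.50.175.136:247
104.11.216.173:422
74.158.154.0:359
168.70.90.68:318
45.147.230.233:443
93.161.137.130:254
146.19.173.173:443
214.207.72.239:329
198.98.52.145:443
166.225.211.15:309
""".split()


def classify(entry: str) -> tuple[str, int, str]:
    """Return (host, port, reason); reason is 'routable' or why it is not."""
    host, _, port_text = entry.rpartition(":")
    port = int(port_text)
    ip = ipaddress.IPv4Address(host)  # raises AddressValueError on garbage
    if ip.is_multicast:
        reason = "multicast (224.0.0.0/4)"
    elif ip.is_reserved:
        reason = "reserved (240.0.0.0/4)"
    elif ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_unspecified:
        reason = "private, loopback, link-local or unspecified"
    elif not 1 <= port <= 65535:
        reason = "invalid port"
    else:
        reason = "routable"
    return host, port, reason


def triage(entries: list[str]) -> dict[str, list]:
    """Split a C2 list into entries worth acting on and entries that cannot be reached."""
    result: dict[str, list] = {"routable": [], "unreachable": []}
    for entry in entries:
        host, port, reason = classify(entry)
        if reason == "routable":
            result["routable"].append(f"{host}:{port}")
        else:
            result["unreachable"].append((f"{host}:{port}", reason))
    return result


if __name__ == "__main__":
    report = triage(C2_LIST)
    print(f"{len(report['routable'])} routable, {len(report['unreachable'])} unreachable")
    for entry, reason in report["unreachable"]:
        print(f"  skip {entry:<22} {reason}")
```

Feed the routable set to blocklists or hunting queries; the unreachable set is still worth keeping as a configuration fingerprint, since the exact decoy entries can tie samples from the same build together.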

Signatures

  • BumbleBee

    BumbleBee is a loader written in C++ that retrieves and executes follow-on payloads from its C2 servers.

  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
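The second signature keys on one argument: the CreateFlags parameter of NtCreateThreadEx carries THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER (0x4), which tells the kernel never to deliver debug events for the new thread, a classic anti-analysis move for a loader. The Python below is an added illustration, not part of the Triage report or of the sandbox's own rule: it decodes CreateFlags using the bit names from ntddk.h and the phnt headers and applies the same check to a handful of API-trace records that are constructed here for the example (the PID matches the process tree below, the start address and other calls are invented).

```python
# CreateFlags bits accepted by NtCreateThreadEx/ZwCreateThreadEx (ntdll).
# Names and values follow ntddk.h / phnt; 0x4 is the one the signature fires on.
CREATE_FLAGS = {
    0x00000001: "THREAD_CREATE_FLAGS_CREATE_SUSPENDED",
    0x00000002: "THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH",
    0x00000004: "THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER",
    0x00000010: "THREAD_CREATE_FLAGS_HAS_SECURITY_DESCRIPTOR",
    0x00000020: "THREAD_CREATE_FLAGS_ACCESS_CHECK_IN_TARGET",
    0x00000080: "THREAD_CREATE_FLAGS_INITIAL_THREAD",
}
HIDE_FROM_DEBUGGER = 0x00000004
THREAD_CREATE_APIS = ("NtCreateThreadEx", "ZwCreateThreadEx")


def decode_create_flags(value: int) -> list[str]:
    """Expand a CreateFlags value into symbolic names; unknown bits are kept visible."""
    names = [name for bit, name in CREATE_FLAGS.items() if value & bit]
    unknown = value & ~sum(CREATE_FLAGS)
    if unknown:
        names.append(f"UNKNOWN(0x{unknown:x})")
    return names


def find_hidden_threads(trace: list[dict]) -> list[dict]:
    """Return one IoC record per thread-creation call that hides the thread from debuggers."""
    hits = []
    for call in trace:
        if call["api"] not in THREAD_CREATE_APIS:
            continue
        flags = call["args"].get("CreateFlags", 0)
        if flags & HIDE_FROM_DEBUGGER:
            hits.append({
                "pid": call["pid"],
                "api": call["api"],
                "start_routine": call["args"].get("StartRoutine"),
                "flags": decode_create_flags(flags),
            })
    return hits


# Constructed API-trace records for the example (not taken from the report):
# one dict per hooked call, in the shape a generic sandbox hook log would give.
SAMPLE_TRACE = [
    {"pid": 1368, "api": "NtAllocateVirtualMemory",
     "args": {"ProcessHandle": -1, "RegionSize": 0x114000, "Protect": 0x40}},
    {"pid": 1368, "api": "NtCreateThreadEx",
     "args": {"ProcessHandle": -1, "StartRoutine": 0x1CB4F20, "CreateFlags": 0x4}},
    {"pid": 1368, "api": "NtCreateThreadEx",
     "args": {"ProcessHandle": -1, "StartRoutine": 0x1CC0100, "CreateFlags": 0x1}},
    {"pid": 1368, "api": "ZwCreateThreadEx",
     "args": {"ProcessHandle": -1, "StartRoutine": 0x1CD2000, "CreateFlags": 0x5}},
]


if __name__ == "__main__":
    for hit in find_hidden_threads(SAMPLE_TRACE):
        print(f"pid {hit['pid']}: {hit['api']} start=0x{hit['start_routine']:x} "
              f"flags={' | '.join(hit['flags'])}")
```

The same effect can be achieved after the fact with NtSetInformationThread(ThreadHideFromDebugger), so a complete rule watches both paths; a benign process almost never needs either, which is why a single hit is enough for the sandbox to count it as an indicator.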

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bum_0109.dll,#1
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:1368

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1368-54-0x0000000001CB0000-0x0000000001DC4000-memory.dmp

    Filesize

    1.1MB