dataCheck
setPath
General
-
Target
out_lkn.dll
-
Size
1.0MB
-
MD5
bfcb6b2e68c281c20f337542768b0c1a
-
SHA1
d64ec1b2df909578391ee7c8fa42fa09751b43da
-
SHA256
3d9163ca632ea7b01235a491f2d16bc90e7939698e749a644dbfd9bd768e7d75
-
SHA512
16f1aa4bd13814e6da061d2c05bef9b0bcb4c0e0eeaa337c5a71fc3c71f0fac062390e1c5a4cbe3c5912a70776e1a7961b9e584c6fa909d5f6a53562f23622dc
-
SSDEEP
24576:cx2ubccfCEN1Wpv9hOQn7G9Zx/tGggFQhrxtxcZfeoW:kTCyWN9QQnq9Zx/ZgShrxtyfeo
Malware Config
Extracted
Family
bumblebee
Botnet
0109
C2
209.139.60.151:479
244.128.29.248:117
80.26.204.137:419
158.200.96.239:234
63.9.167.21:222
45.147.230.233:443
61.4.173.101:476
254.119.87.118:207
101.98.79.60:301
69.150.77.201:486
87.96.193.250:150
131.71.67.100:419
115.101.211.199:153
159.25.213.35:312
198.98.52.145:443
106.4.34.109:111
126.169.239.82:498
194.140.58.72:493
149.163.36.172:357
238.129.29.25:491
42.247.137.38:410
78.98.35.251:228
9.161.150.166:183
111.144.125.161:402
107.25.131.1:487
1.84.1.238:143
136.132.212.228:117
85.142.99.64:418
174.76.88.158:302
38.44.166.242:313
132.198.145.194:132
182.213.94.223:274
71.227.139.133:144
30.205.222.211:400
49.20.171.83:199
162.141.192.2:494
219.105.164.8:148
6.76.12.110:294
66.212.44.133:193
177.133.93.60:366
35.229.21.133:320
169.219.147.85:389
146.19.173.173:443
101.22.72.207:310
239.113.102.77:203
160.66.31.141:101
183.56.214.8:165
186.164.68.9:120
168.48.136.83:166
30.181.62.126:287
149.81.1.140:359
245.31.94.249:103
94.168.119.12:322
rc4.plain
Signatures
-
Bumblebee family
Files
-
out_lkn.dll.dll windows x64
7083ebde8605833102a08de5535b6c52
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
crypt32
CertCreateCertificateChainEngine
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
secur32
InitSecurityInterfaceA
kernel32
CreateEventW
Sleep
SetEvent
GetThreadContext
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
SetThreadContext
SetWaitableTimer
TlsSetValue
SetLastError
EnterCriticalSection
CreateWaitableTimerW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
PostQueuedCompletionStatus
FormatMessageW
GetLastError
TerminateThread
TlsAlloc
QueueUserAPC
LocalFree
DeleteCriticalSection
VerSetConditionMask
WideCharToMultiByte
SleepEx
VerifyVersionInfoW
TlsGetValue
TlsFree
FormatMessageA
CreateIoCompletionPort
AreFileApisANSI
ReadFile
SetHandleInformation
CreateNamedPipeA
WriteFile
TerminateProcess
GetCurrentThreadId
GetSystemDirectoryW
MultiByteToWideChar
CreateFileA
GetEnvironmentStrings
CreateProcessA
FreeEnvironmentStringsA
GetExitCodeProcess
LoadLibraryW
Thread32Next
Thread32First
GetModuleHandleA
LoadLibraryA
VirtualProtectEx
OpenThread
GetModuleFileNameW
SetFilePointer
lstrlenA
CreateFileW
lstrcmpA
lstrcatA
HeapFree
HeapReAlloc
HeapAlloc
GetFileSize
GetProcessHeap
Wow64DisableWow64FsRedirection
ExpandEnvironmentStringsW
Wow64RevertWow64FsRedirection
GetWindowsDirectoryW
GetCurrentDirectoryW
GlobalMemoryStatusEx
GetFileAttributesW
GetStdHandle
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
WriteConsoleW
GetCurrentProcess
GetFileAttributesA
OpenProcess
GetModuleFileNameA
CloseHandle
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
WaitForSingleObject
SetFilePointerEx
HeapSize
GetCPInfo
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStringTypeW
GetSystemTimeAsFileTime
QueryPerformanceFrequency
QueryPerformanceCounter
RaiseException
DecodePointer
EncodePointer
RtlPcToFileHeader
RtlVirtualUnwind
ResumeThread
GetCommandLineA
FindNextFileA
FindFirstFileExA
FindClose
GetTimeZoneInformation
GetOEMCP
IsValidCodePage
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
ExitProcess
GetACP
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
FreeLibrary
RtlUnwindEx
InterlockedFlushSList
InitializeSListHead
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlLookupFunctionEntry
user32
FindWindowW
advapi32
RegQueryValueExW
GetUserNameW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueW
shell32
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
ole32
CoCreateInstance
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity
oleaut32
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
SysFreeString
SysAllocString
VariantClear
VariantInit
mpr
WNetGetProviderNameW
iphlpapi
GetAdaptersInfo
ws2_32
WSASetLastError
select
WSASend
WSASocketW
WSAGetLastError
setsockopt
getaddrinfo
ioctlsocket
freeaddrinfo
getsockopt
WSARecv
WSACleanup
connect
closesocket
WSAStartup
shlwapi
PathCombineW
StrCmpIW
StrStrIW
Exports
Exports
Sections
.text Size: 654KB - Virtual size: 653KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 280KB - Virtual size: 280KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 78KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ