Analysis

  • max time kernel
    52s
  • max time network
    146s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    09-09-2022 07:38

General

  • Target

    LdrAddx64.dll

  • Size

    1.1MB

  • MD5

    78796148afc0a3218f4ce6c9aacc429c

  • SHA1

    cd5c762a8ce9fb69bd24531de0588a689fe76f0e

  • SHA256

    0b0a5f3592df7b538b8d8db4ba621b03896f27c9f112b88d56761972b03e6e58

  • SHA512

    93cce3ceade3a0a5b353db486bf5119a257e0899b744737bc2b6d6313b8a0cb313059ecb106a3f072c1103129c73f76506fa2b753297cf8a3b4e8b342a4855da

  • SSDEEP

    24576:nPbd7OXoxkXTfxUXIeUu3MWXA0FaRaayXd0:MocTxUXX35XbFivyX

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

1508

C2
rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\LdrAddx64.dll,#1
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:1776


Downloads

  • memory/1776-116-0x0000014B9C010000-0x0000014B9C125000-memory.dmp

    Filesize

    1.1MB