bumblebee | 65d04de815569a755cf3de93d761fa1edfba112335e8fbcc54b0cad5875e204e

Sharing

Copy URL Twitter E-mail

General

Target

65d04de815569a755cf3de93d761fa1edfba112335e8fbcc54b0cad5875e204e
Size

804KB
MD5

1aa24423bea4d17ca5256343521d8c7b
SHA1

85f0476d5d2ce063a3179817a2c3a78c3e180614
SHA256

65d04de815569a755cf3de93d761fa1edfba112335e8fbcc54b0cad5875e204e
SHA512

f6878340fcdb941121227cb6709e72b07793d6bbfc0a8c00f66341fb0f02fff12f73897ca8f30f7df4fadb8ab65422f1454b9e35f6059e7a6fbcb931720f8fb3
SSDEEP

12288:kipvTLaZ+ZyRY2POCN2zPj77ejZYEc6QfiqoLKKD+kfkpQkh:kipvTOZ+uPOC8H7KYEc6Qfny1+kspQ

Score

10^/10

1105a bumblebee

Malware Config

Extracted

Family

bumblebee

Botnet

1105a

142.11.222.79:443

23.254.224.200:443

103.175.16.52:443

199.195.252.30:443

rc4.plain

Signatures

Bumblebee family
bumblebee

Files

65d04de815569a755cf3de93d761fa1edfba112335e8fbcc54b0cad5875e204e
.dll windows x64

23ef69b19204b704365863cbed9a810e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertCreateCertificateChainEngine

secur32

InitSecurityInterfaceA

kernel32

SetEvent
TerminateThread
GetCurrentProcessId
CreateEventA
SetWaitableTimer
TlsSetValue
VerifyVersionInfoA
SetLastError
EnterCriticalSection
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateEventW
FormatMessageW
TlsAlloc
QueueUserAPC
CreateWaitableTimerA
LocalFree
DeleteCriticalSection
VerSetConditionMask
WideCharToMultiByte
SleepEx
TlsGetValue
TlsFree
FormatMessageA
CreateIoCompletionPort
ReadFile
SetHandleInformation
WriteFile
TerminateProcess
CreatePipe
CreateProcessA
FileTimeToSystemTime
LoadLibraryW
GetLocalTime
GetProcAddress
SystemTimeToFileTime
GetModuleHandleW
GetCurrentProcess
Thread32Next
Thread32First
GetModuleHandleA
OpenProcess
LoadLibraryA
VirtualProtectEx
OpenThread
MultiByteToWideChar
GetModuleFileNameW
SetFilePointer
lstrlenA
CreateFileW
lstrcmpA
VirtualAlloc
HeapFree
CreateFileA
HeapReAlloc
HeapAlloc
GetFileSize
GetLastError
VirtualQuery
lstrcpyA
Wow64DisableWow64FsRedirection
ExpandEnvironmentStringsW
Wow64RevertWow64FsRedirection
GetWindowsDirectoryW
GlobalMemoryStatusEx
VerifyVersionInfoW
GetFileAttributesW
Process32NextW
Process32FirstW
GetStdHandle
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
SetFilePointerEx
HeapSize
GetConsoleMode
Sleep
lstrcatA
CreateDirectoryA
GetFileAttributesA
GetModuleFileNameA
CloseHandle
CreateToolhelp32Snapshot
WaitForSingleObject
GetConsoleCP
FlushFileBuffers
SetStdHandle
ResetEvent
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
FindNextFileA
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
GetSystemTimeAsFileTime
QueryPerformanceFrequency
QueryPerformanceCounter
RaiseException
DecodePointer
EncodePointer
RtlPcToFileHeader
GetProcessHeap
FindFirstFileExA
FindClose
GetOEMCP
IsValidCodePage
OutputDebugStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ExitProcess
GetACP
WriteConsoleW
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
FreeLibrary
RtlUnwindEx
InterlockedFlushSList
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind

user32

FindWindowW
wsprintfW

advapi32

LookupPrivilegeValueA
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetUserNameW

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

SafeArrayGetUBound
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
SysFreeString
SysAllocString
VariantClear
VariantInit

mpr

WNetGetProviderNameW

iphlpapi

GetAdaptersInfo

ws2_32

WSASetLastError
select
WSASend
WSASocketW
WSAGetLastError
setsockopt
getaddrinfo
ioctlsocket
freeaddrinfo
getsockopt
WSARecv
WSACleanup
connect
closesocket
WSAStartup

shlwapi

PathCombineW
StrCmpIW
StrChrA
StrStrIW
StrToIntA

Exports

Exports

aCmHmjrptS
SetPath

Sections

.text
Size: 436KB - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

23ef69b19204b704365863cbed9a810e

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

secur32

kernel32

user32

advapi32

shell32

ole32

oleaut32

mpr

iphlpapi

ws2_32

shlwapi

Exports

Exports

Sections

.text Size: 436KB - Virtual size: 436KB

.rdata Size: 216KB - Virtual size: 215KB

.data Size: 71KB - Virtual size: 94KB

.pdata Size: 26KB - Virtual size: 25KB

.gfids Size: 512B - Virtual size: 504B

.tls Size: 5KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 436KB - Virtual size: 436KB

.rdata
Size: 216KB - Virtual size: 215KB

.data
Size: 71KB - Virtual size: 94KB

.pdata
Size: 26KB - Virtual size: 25KB

.gfids
Size: 512B - Virtual size: 504B

.tls
Size: 5KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB