Overview

overview

10

Static

static

LDYwFaCKXIhkuX.dll

windows7-x64

10

LDYwFaCKXIhkuX.dll

windows10-2004-x64

10

pBLiwECeuZiHFL.bat

windows7-x64

10

pBLiwECeuZiHFL.bat

windows10-2004-x64

10

required d...ts.lnk

windows7-x64

10

required d...ts.lnk

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    02-11-2022 17:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LDYwFaCKXIhkuX.dll

  • Size

    882KB

  • MD5

    03d51920a3d0e22a393dca36eabe4f0c

  • SHA1

    cae3d3e299e450db7b0d4a2a8d9474ad0ad50b22

  • SHA256

    8607ab81c1a81556c2d433dc123a2a23734d47e3e983e0177ef93a3333eabf47

  • SHA512

    a99ce5921105b32564140d81a869645abb340dfeff0b74f4278450f21aaf3b3823d6d52987d3634f5e8f0f723a6f14818d42a7ef12da44126c019f6cf08af9b6

  • SSDEEP

    24576:30vmdBQqlXGM+68I31p2v1Gyc10yLhkr1:30vSBQqlWMf31S1yLhk

Score
10/10
bumblebee0211trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0211

C2

176.223.165.119:443

51.75.63.234:443

104.168.171.189:443
rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee
  • Blocklisted process makes network request 7 IoCs
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\LDYwFaCKXIhkuX.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:1672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1672-54-0x0000000001F40000-0x0000000002089000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1672-55-0x0000000001BF0000-0x0000000001C66000-memory.dmp

    Filesize

    472KB

    Download