General

  • Target

    sledgehammering.dat

  • Size

    882KB

  • Sample

    221103-d7j3jaebf5

  • MD5

    d9f7f22d4a84d1b32481725008e4cf9c

  • SHA1

    71a8e59d97141b074bba6fff5ccb7ceb69ebb62d

  • SHA256

    8609ad237578cebde0dc75d4362724bc0a255a1fbcf70885331cb7b8c0c46099

  • SHA512

    0456f61bdddcdb7a42aae78a57a6f2a9cbbc6f3758defeea1aaa4d2dbbb3dbe96917bb416da6a31f1c5064d48369263ff79bf333611fada68a5893a16739bd58

  • SSDEEP

    24576:M5FKqGWQEaOzsNHTC8nfbtSU5QEgZb3Bzvrr:M5FpGWcEqCUHA7T

Score
10/10

Malware Config

  • Extracted

  • Family

    bumblebee

  • Botnet

    0211r

  • C2

    193.109.120.156:443

    192.111.146.184:443

    104.219.233.113:443

  • rc4.plain

Targets

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Blocklisted process makes network request

    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Matrix

Tasks