Overview

overview

10

Static

static

sledgehammering.dll

windows7-x64

10

sledgehammering.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    139s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-11-2022 03:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sledgehammering.dll

  • Size

    882KB

  • MD5

    d9f7f22d4a84d1b32481725008e4cf9c

  • SHA1

    71a8e59d97141b074bba6fff5ccb7ceb69ebb62d

  • SHA256

    8609ad237578cebde0dc75d4362724bc0a255a1fbcf70885331cb7b8c0c46099

  • SHA512

    0456f61bdddcdb7a42aae78a57a6f2a9cbbc6f3758defeea1aaa4d2dbbb3dbe96917bb416da6a31f1c5064d48369263ff79bf333611fada68a5893a16739bd58

  • SSDEEP

    24576:M5FKqGWQEaOzsNHTC8nfbtSU5QEgZb3Bzvrr:M5FpGWcEqCUHA7T

Score
10/10
bumblebee0211rtrojan

Malware Config

Extracted

Family

bumblebee

Botnet

0211r

C2

193.109.120.156:443

192.111.146.184:443

104.219.233.113:443
rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee
  • Blocklisted process makes network request 6 IoCs
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\sledgehammering.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:3436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3436-132-0x000001C6582B0000-0x000001C6583F9000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3436-133-0x000001C6580F0000-0x000001C658166000-memory.dmp

    Filesize

    472KB

    Download