bumblebee | 8ef540dba9d6f21332f766ea513a8bd249c346773ae58106d7682ce40bb37e0e

Analysis

max time kernel
52s
max time network
75s
platform
windows10-1703_x64
resource
win10-20220812-de
resource tags

arch:x64arch:x86image:win10-20220812-delocale:de-deos:windows10-1703-x64systemwindows
submitted
10-11-2022 10:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ini.bat
Size

54B
MD5

1569f10208cb9da7614262b3a8218ee0
SHA1

8af330c88518cd43ba9cd509f5a7c894c4c95018
SHA256

f418b9c6fbca29c793d0c114b792caea62da10090b4b0cc5b9541af10dc9c874
SHA512

f0711d61100bafdd70bae19be085436dfce697ecef1e13c6eb4be5cc597843cd5deb6a4230a38aa0f68a8b60586819cd5f09d36d8a1c54530a6d61fce57e8af1

Score

10^/10

bumblebee 0311t2 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0311t2

39.65.8.170:443

103.144.139.156:443

107.189.30.231:443

91.245.254.101:443

194.135.33.127:443

rc4.plain

Signatures

BumbleBee
BumbleBee is a webshell malware written in C++.
trojan bumblebee

Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

pid	Process
3724	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4724	3724	WerFault.exe	67

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 3724	2772	cmd.exe	67
PID 2772 wrote to memory of 3724	2772	cmd.exe	67

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ini.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" /s bb.dll,BasicLoad
  2⤵
  - Suspicious use of NtCreateThreadExHideFromDebugger
  PID:3724
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 3724 -s 392
    3⤵
    - Program crash
    PID:4724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3724-117-0x0000020FB8AA0000-0x0000020FB8BE9000-memory.dmp

Filesize
1.3MB

Download
memory/3724-118-0x0000020FB6BC0000-0x0000020FB6C36000-memory.dmp

Filesize
472KB

Download