bumblebee | c80de52d42e21278610b0516bfcf4ebda136a5696af3f60a5e5782911e4276d0

Analysis

max time kernel
143s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
14/11/2022, 17:17 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TA580_20221114.zip/DDmEtxgXtOVOLY.bat
Size

1KB
MD5

7d3bc8f7c05afe9f898ba052bd77d0ac
SHA1

59dee82b4be9a3d67a86cef3fea439b5c1f4e3ac
SHA256

71eb244220efc90f4a4a272117e00b9f7e975758b3c3bd1fc4cc28fae58173e5
SHA512

322dc1afb53d19f9cfe90951ea543241e29d34c51fe4d0e6bd23da46d778b489285debf3dd594f8e5007c511341e4515f14a521822009cc2864ca82773537075

Score

10^/10

bumblebee 1411 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

1411

107.189.13.247:443

64.44.102.241:443

54.37.130.24:443

rc4.plain

1
eCUmnQerTx

Signatures

BumbleBee
BumbleBee is a webshell malware written in C++.
trojan bumblebee

Blocklisted process makes network request 6 IoCs

flow	pid	Process
46	3236	rundll32.exe
53	3236	rundll32.exe
57	3236	rundll32.exe
63	3236	rundll32.exe
72	3236	rundll32.exe
77	3236	rundll32.exe

Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

pid	Process
3236	rundll32.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3464 wrote to memory of 3236	3464	cmd.exe	81
PID 3464 wrote to memory of 3236	3464	cmd.exe	81

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\TA580_20221114.zip\DDmEtxgXtOVOLY.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3464
- C:\Windows\system32\rundll32.exe
  rundll32 aGySCShDWxUsAj.dll,LoadNode
  2⤵
  - Blocklisted process makes network request
  - Suspicious use of NtCreateThreadExHideFromDebugger
  PID:3236

Network

No results found

79.172.113.34:102

rundll32.exe

260 B
5
52.182.141.63:443

322 B
7
93.184.221.240:80

322 B
7
137.31.59.180:100

rundll32.exe

260 B
5
93.184.221.240:80

322 B
7
144.136.57.11:120

rundll32.exe

260 B
5
213.80.235.165:419

rundll32.exe

260 B
5
76.134.233.76:119

rundll32.exe

260 B
5
5.237.231.132:497

rundll32.exe

208 B
4

No results found

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3236-133-0x0000017DE7970000-0x0000017DE7AB9000-memory.dmp

Filesize
1.3MB

Download
memory/3236-134-0x0000017DE76D0000-0x0000017DE7748000-memory.dmp

Filesize
480KB

Download