Overview

overview

10

Static

static

UkBuGFiaRxAAfl.dll

windows7-x64

10

UkBuGFiaRxAAfl.dll

windows10-2004-x64

3

Resubmissions

18-11-2022 10:31

221118-mkb8vada8z 10

18-11-2022 01:25

221118-bsyw2agc55 3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    UkBuGFiaRxAAfl.dll.exe

  • Size

    970KB

  • Sample

    221118-mkb8vada8z

  • MD5

    a779d5cf3fa450bdf0f540054861ba62

  • SHA1

    4fe25852f69640e87e240b5e4bc46fdfc76782c7

  • SHA256

    2911bdd99140387cbc8761826aacc3c9de0ccb511255aa58790955d8337e2edf

  • SHA512

    1db51d312dfa647038d2c0c9afbd11852b4bdb177a07894f84db04d3547a3d06257900c597f9bb514bfcdcfd027fbcbe22552dbf73262f8f6e30920025ea3f50

  • SSDEEP

    12288:ZZ33fS04yxlif6aS8dqJJzkvyo4w9faJ+1NEDeX4d8FWkPQz8028ez+R7Fnjmz2q:ZZ33agIddqFY9CJ+1V4oWdY8ec7BjI4

Score
10/10
bumblebee1711trojan

Malware Config

Extracted

Family

bumblebee

Botnet

1711

C2

193.200.16.175:443

54.37.130.195:443

64.44.97.58:443
rc4.plain

Targets

    • Target

      UkBuGFiaRxAAfl.dll.exe

    • Size

      970KB

    • MD5

      a779d5cf3fa450bdf0f540054861ba62

    • SHA1

      4fe25852f69640e87e240b5e4bc46fdfc76782c7

    • SHA256

      2911bdd99140387cbc8761826aacc3c9de0ccb511255aa58790955d8337e2edf

    • SHA512

      1db51d312dfa647038d2c0c9afbd11852b4bdb177a07894f84db04d3547a3d06257900c597f9bb514bfcdcfd027fbcbe22552dbf73262f8f6e30920025ea3f50

    • SSDEEP

      12288:ZZ33fS04yxlif6aS8dqJJzkvyo4w9faJ+1NEDeX4d8FWkPQz8028ez+R7Fnjmz2q:ZZ33agIddqFY9CJ+1V4oWdY8ec7BjI4

    Score
    10/10
    bumblebee1711trojan

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

      trojanbumblebee

    • Blocklisted process makes network request

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks