Overview

overview

10

Static

static

91903298998397.lnk

windows7-x64

3

91903298998397.lnk

windows10-2004-x64

7

energy.bat

windows7-x64

1

energy.bat

windows10-2004-x64

1

survey.dll

windows7-x64

10

survey.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    131s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    30-11-2022 14:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    survey.dll

  • Size

    879KB

  • MD5

    4901cef8e715a3ccb26e30f116cb6c26

  • SHA1

    06b139e9bc5d3d3089af8e342546e7bbc43b8a06

  • SHA256

    e2d3186f0663527951e5cda5491540c28ef492c54adc31852ca81c27e6a0621b

  • SHA512

    c7fdc80817a1e727ac9243bf656c307f9118a4c0536eb5cd7b690a784ca02083a0ade03cc740e7c6730da73d4788ea8ccaff151d88bee8c8d465538cdfb340f3

  • SSDEEP

    12288:BqvXeaivnQ9HHK7fOlmPkOvszjIsAblDAoPkNhSZoBtlC406ZIjWzEFCXeIlso:Bq/eaivQ9HHDlE8jwl8HPS+tER6ocSo

Score
10/10
bumblebee2811trojan

Malware Config

Extracted

Family

bumblebee

Botnet

2811

C2

146.19.173.45:443

154.188.162.149:443

108.62.118.206:443

85.239.54.145:443
rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee
  • Blocklisted process makes network request 5 IoCs
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\survey.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:1192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1192-54-0x0000000001F90000-0x00000000020D9000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1192-55-0x0000000001CB0000-0x0000000001D25000-memory.dmp

    Filesize

    468KB

    Download