bumblebee | 70f15444a37e87639aa53d866f06ee80b7f0f9943e0538aee3c3009d27bf41a9

Analysis

max time kernel
177s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
30-11-2022 20:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70f15444a37e87639aa53d866f06ee80b7f0f9943e0538aee3c3009d27bf41a9.dll
Size

877KB
MD5

61e503292367c7aec784ad98e3c0bc8a
SHA1

d0885d898406f48aa326c575a76ecff3a9ce1f00
SHA256

70f15444a37e87639aa53d866f06ee80b7f0f9943e0538aee3c3009d27bf41a9
SHA512

2ad2914c6dc1d14bc5c4e32daa602b313a05c2d9ce429928038fdb0d17f19e081662128498727bf7be9240ac9fefbd73d2d7e7202e2ebd8718070510dfce3e87
SSDEEP

12288:j0SuY9Ah/KMIobH6Rs9H0ehvjo2zAou6mh3s72KBu9/sfsTkcesTViT5AEB95ub:j01YKhiWL6C90TNHph3w2KBokCoHDI

Score

10^/10

bumblebee 3011 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

3011

37.28.156.24:443

108.62.118.206:443

108.62.141.221:443

146.59.116.25:443

85.239.54.145:443

146.19.173.45:443

223.154.146.64:443

rc4.plain

Signatures

BumbleBee
BumbleBee is a webshell malware written in C++.
trojan bumblebee

Blocklisted process makes network request 7 IoCs

flow	pid	Process
38	736	rundll32.exe
45	736	rundll32.exe
55	736	rundll32.exe
66	736	rundll32.exe
67	736	rundll32.exe
72	736	rundll32.exe
76	736	rundll32.exe

Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

pid	Process
736	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\70f15444a37e87639aa53d866f06ee80b7f0f9943e0538aee3c3009d27bf41a9.dll,#1
1⤵
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
PID:736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/736-132-0x00000149A4560000-0x00000149A46A9000-memory.dmp

Filesize
1.3MB

Download
memory/736-133-0x00000149A43A0000-0x00000149A4415000-memory.dmp

Filesize
468KB

Download