Overview

overview

10

Static

static

week.dll

windows7-x64

10

week.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 20:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    week.dll

  • Size

    925KB

  • MD5

    8c99216011886a809be0b08f5128b91c

  • SHA1

    a6c2eb84abdd08b894b6f4daa64e1cf367481193

  • SHA256

    b90f420b5e66c7f9c24c75bc0553d250bb0d79df2be0b0738625cb7159d86fa7

  • SHA512

    c9a4acf7b1cda0d2617c69bb5c8cbd28b530f856d271e2dc7c08bd75d60dedd8393e23901e63b4c23de4833be4997ddc9b245fb90231922d14e2a38e03b5635c

  • SSDEEP

    24576:i+meq+lHCu0cja71hbkGeVdf36dPsxg/MP:vmeq+whtkFNg/k

Score
10/10
bumblebee0112trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0112

C2

172.86.123.150:443

91.245.253.76:443

23.106.223.1:443
rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee
  • Blocklisted process makes network request 7 IoCs
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\week.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/696-54-0x0000000001FD0000-0x0000000002119000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/696-55-0x0000000001C70000-0x0000000001CE5000-memory.dmp

    Filesize

    468KB

    Download