Overview

overview

10

Static

static

Page.bat

windows7-x64

3

Page.bat

windows10-2004-x64

1

aboutUs.dll

windows7-x64

10

aboutUs.dll

windows10-2004-x64

10

document01.lnk

windows7-x64

8

document01.lnk

windows10-2004-x64

7

Analysis

  • max time kernel
    186s
  • max time network
    191s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-12-2022 18:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aboutUs.dll

  • Size

    1.5MB

  • MD5

    829e1ae91a3362f708f6e9a9222279ed

  • SHA1

    ae505fd299c6c75660f88c8710b00f1ab8d42766

  • SHA256

    f70cbdde53a4bacee3410caf7666f303e6958f8d1d0fb678afbfa1093e38b4cb

  • SHA512

    030226487b6d3ae2c53ff9729be731f692c798208e25024ea914cee14e9bfcc2edc94b31a54e355fcef93d6ee5d8c5a260b3621170a6b3b09f6553984eaf1299

  • SSDEEP

    24576:rgKYrq1rE7F3C9oqxmLJL+bomVWFuf3qj8r3d1fyMJu3n9HGPXUtOZEkTuuqW:UKXQyKDLd+omgFuXJutHsnL

Score
10/10
bumblebee0712trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0712

C2

192.254.79.122:443

139.177.146.25:443

104.219.233.145:443
rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee
  • Blocklisted process makes network request 7 IoCs
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\aboutUs.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:3880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3880-132-0x000001EE5EFE0000-0x000001EE5F129000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3880-133-0x000001EE5D420000-0x000001EE5D495000-memory.dmp

    Filesize

    468KB

    Download