bumblebee | BumbleBee[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

BumbleBee.dll
Size

1.3MB
MD5

2683b6adae3a5c0b2ac195766f0f5ede
SHA1

1cf5bb61caf94d9b0d91452bdb9fa127473e1dce
SHA256

553c824326af8c08572dbb679df0b9ae772cb9811fd5f3b8454c34ed9891441f
SHA512

382c1af3864ff543a9f014d78029655288c6915150d5df38dce583c307089da0d60256e3a60c4b4d6f0818a6c9ad92254a578010d0d7f3c59ff85a88c9231b70
SSDEEP

24576:DRR7fW2rk/sMBwNUY89q49Zx/0ISSMca+ZVw5wjxz:/M9Bt7q49Zx/nLMx+zwGjp

Score

10^/10

legi bumblebee

Malware Config

Extracted

Family

bumblebee

Botnet

legi

172.86.121.59:443

91.245.254.97:443

172.86.121.56:443

rc4.plain

Signatures

Bumblebee family
bumblebee

Files

BumbleBee.dll
.dll windows x64

05f59fd8a5d7a18dc7e31c9c68a9b447

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

CertCreateCertificateChainEngine
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain

secur32

InitSecurityInterfaceA

kernel32

GetFileAttributesA
GetCurrentProcess
ResumeThread
CreateEventW
SetEvent
GetThreadContext
GetProcAddress
GetModuleHandleW
SetThreadContext
SetWaitableTimer
TlsSetValue
SetLastError
EnterCriticalSection
CreateWaitableTimerW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
PostQueuedCompletionStatus
FormatMessageW
GetLastError
TerminateThread
TlsAlloc
QueueUserAPC
LocalFree
DeleteCriticalSection
VerSetConditionMask
WideCharToMultiByte
SleepEx
VerifyVersionInfoW
TlsGetValue
TlsFree
FormatMessageA
CreateIoCompletionPort
AreFileApisANSI
ReadFile
SetHandleInformation
CreateNamedPipeA
WriteFile
TerminateProcess
GetCurrentThreadId
GetSystemDirectoryW
MultiByteToWideChar
CreateFileA
GetEnvironmentStrings
CreateProcessA
FreeEnvironmentStringsA
GetExitCodeProcess
LoadLibraryW
Sleep
OpenProcess
Thread32First
GetModuleHandleA
LoadLibraryA
VirtualProtectEx
OpenThread
HeapFree
VirtualAlloc
lstrlenA
HeapReAlloc
HeapAlloc
GetProcessHeap
GetModuleFileNameA
GetModuleFileNameW
SetFilePointer
CreateFileW
lstrcmpA
VirtualProtect
VirtualFree
GetStdHandle
WriteConsoleW
SetFilePointerEx
HeapSize
SetStdHandle
CloseHandle
CreateToolhelp32Snapshot
WaitForSingleObject
GetCurrentProcessId
lstrcatA
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
Thread32Next
FindFirstFileExA
FindClose
GetTimeZoneInformation
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
ExitProcess
GetModuleHandleExW
ExitThread
RtlUnwindEx
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
GetCurrentThread
RtlPcToFileHeader
EncodePointer
DecodePointer
RaiseException
QueryPerformanceCounter
QueryPerformanceFrequency
TryEnterCriticalSection
GetSystemTimeAsFileTime
GetTickCount
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
InitializeSListHead
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait

advapi32

LookupPrivilegeValueW

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket

oleaut32

VariantClear
SysAllocString
SysFreeString
VariantInit

ws2_32

WSAGetLastError
setsockopt
ioctlsocket
freeaddrinfo
getsockopt
WSARecv
connect
getaddrinfo
WSASocketW
WSASetLastError
shutdown
select
WSASend
closesocket
WSACleanup
WSAStartup

rpcrt4

RpcServerUseProtseqEpA
RpcServerListen
RpcServerRegisterIfEx
RpcBindingFree
NdrServerCall2

Exports

Exports

dataCheck
setPath

Sections

.text
Size: 808KB - Virtual size: 808KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

05f59fd8a5d7a18dc7e31c9c68a9b447

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

secur32

kernel32

advapi32

shell32

ole32

oleaut32

ws2_32

rpcrt4

Exports

Exports

Sections

.text Size: 808KB - Virtual size: 808KB

.rdata Size: 320KB - Virtual size: 320KB

.data Size: 116KB - Virtual size: 116KB

.pdata Size: 44KB - Virtual size: 44KB

.gfids Size: 8KB - Virtual size: 8KB

.tls Size: 8KB - Virtual size: 8KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 808KB - Virtual size: 808KB

.rdata
Size: 320KB - Virtual size: 320KB

.data
Size: 116KB - Virtual size: 116KB

.pdata
Size: 44KB - Virtual size: 44KB

.gfids
Size: 8KB - Virtual size: 8KB

.tls
Size: 8KB - Virtual size: 8KB

.reloc
Size: 8KB - Virtual size: 8KB