Analysis

  • max time kernel
    132s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-12-2022 14:31

General

  • Target

    devx_foot2.dll

  • Size

    1005KB

  • MD5

    b955bf20f8c1b01b9f1d12023183115d

  • SHA1

    1649e261310a5cd12965bc7a6440c18adaeea6b9

  • SHA256

    84155dc50b0e963c16477793e5814b9feb9603b80924a047d7558a26228b6749

  • SHA512

    4bee83ee71c7ce24d2488170c1b15861e280efa25637447d4b1b18acfcbe178ba4a21d70590771f617219dc20b26fec1da9b3ffd00480cfe06efc1833237a1e7

  • SSDEEP

    24576:YInlGCMQ33VI15YlmePz8nGQrUc9KLVy:j0CFyBn3rn9P

Score
10/10

Malware Config

Extracted

  • Family
    bumblebee
  • Botnet
    1412
  • C2
    108.62.141.52:443
    23.82.140.180:443
    198.98.51.235:443
  • rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

  • Blocklisted process makes network request (6 IoCs)
  • Suspicious use of NtCreateThreadExHideFromDebugger (1 IoC)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\devx_foot2.dll,#1
    • Blocklisted process makes network request
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:5060

Downloads

  • memory/5060-132-0x00000209529B0000-0x0000020952AF9000-memory.dmp

    Filesize

    1.3MB

  • memory/5060-133-0x00000209527B0000-0x0000020952826000-memory.dmp

    Filesize

    472KB