Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
16-12-2022 17:31
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Variant.Lazy.276085.26689.31061.dll
Resource
win7-20220812-en
windows7-x64
3 signatures
150 seconds
General
-
Target
SecuriteInfo.com.Variant.Lazy.276085.26689.31061.dll
-
Size
1005KB
-
MD5
b955bf20f8c1b01b9f1d12023183115d
-
SHA1
1649e261310a5cd12965bc7a6440c18adaeea6b9
-
SHA256
84155dc50b0e963c16477793e5814b9feb9603b80924a047d7558a26228b6749
-
SHA512
4bee83ee71c7ce24d2488170c1b15861e280efa25637447d4b1b18acfcbe178ba4a21d70590771f617219dc20b26fec1da9b3ffd00480cfe06efc1833237a1e7
-
SSDEEP
24576:YInlGCMQ33VI15YlmePz8nGQrUc9KLVy:j0CFyBn3rn9P
Malware Config
Extracted
Family
bumblebee
Botnet
1412
C2
108.62.141.52:443
23.82.140.180:443
198.98.51.235:443
rc4.plain
Signatures
-
Blocklisted process makes network request 6 IoCs
flow pid Process 1 1764 rundll32.exe 3 1764 rundll32.exe 6 1764 rundll32.exe 9 1764 rundll32.exe 12 1764 rundll32.exe 13 1764 rundll32.exe -
Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
pid Process 1764 rundll32.exe