Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-12-2022 17:31

General

  • Target

    SecuriteInfo.com.Variant.Lazy.276085.26689.31061.dll

  • Size

    1005KB

  • MD5

    b955bf20f8c1b01b9f1d12023183115d

  • SHA1

    1649e261310a5cd12965bc7a6440c18adaeea6b9

  • SHA256

    84155dc50b0e963c16477793e5814b9feb9603b80924a047d7558a26228b6749

  • SHA512

    4bee83ee71c7ce24d2488170c1b15861e280efa25637447d4b1b18acfcbe178ba4a21d70590771f617219dc20b26fec1da9b3ffd00480cfe06efc1833237a1e7

  • SSDEEP

    24576:YInlGCMQ33VI15YlmePz8nGQrUc9KLVy:j0CFyBn3rn9P

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

1412

C2

108.62.141.52:443

23.82.140.180:443

198.98.51.235:443

rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

  • Blocklisted process makes network request (6 IoCs)
  • Suspicious use of NtCreateThreadExHideFromDebugger (1 IoC)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Lazy.276085.26689.31061.dll,#1
    • Blocklisted process makes network request
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:1764

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1764-54-0x0000000001F10000-0x0000000002059000-memory.dmp

    Filesize

    1.3MB

  • memory/1764-55-0x0000000000470000-0x00000000004E6000-memory.dmp

    Filesize

    472KB