bumblebee | 9ab0d6171d031459d39df0f341ff3347f17863aa84c80858d17a1e8ed314717b | Triage

Analysis

max time kernel
43s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25-01-2023 19:40

Sharing

Report Analysis Logs

General

Target

blagh.dll
Size

1.4MB
MD5

b011dc11faff355016daf08fcb1abd81
SHA1

62a58af121db36989be8c8634a1c5734440dd0db
SHA256

aa5008349701dacf26f887d22cd9ab0dcd9ebcbe1717c4962f62163a4e057239
SHA512

a62dec7d2eed788e3d851349e2f1b8ba7a2096eb02db43e37704775f52d6de60ac13ca798fb13dc7f869c6d250fcaa80abdcb7774ada40a601b48c272f8d544b
SSDEEP

24576:uPQwS+0Q1j19uMjeVV3HK6hfz8kzfGMm8Mth+/LVNzv9WKAeqbqgvkC:20619uJVVXK6qmfGMmdt2VhwK7qb3sC

Score

10^/10

bumblebee hsyishsmqu trojan

Malware Config

Extracted

Family

bumblebee

Botnet

HsyIsHsmQu

rc4.plain

Signatures

BumbleBee
BumbleBee is a webshell malware written in C++.
trojan bumblebee

Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

pid	Process
1080	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\blagh.dll,#1
1⤵
- Suspicious use of NtCreateThreadExHideFromDebugger
PID:1080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1080-54-0x0000000001B40000-0x0000000001CB4000-memory.dmp

Filesize
1.5MB

Download