Analysis

  • max time kernel
    111s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-01-2023 19:40

General

  • Target

    blagh.dll

  • Size

    1.4MB

  • MD5

    b011dc11faff355016daf08fcb1abd81

  • SHA1

    62a58af121db36989be8c8634a1c5734440dd0db

  • SHA256

    aa5008349701dacf26f887d22cd9ab0dcd9ebcbe1717c4962f62163a4e057239

  • SHA512

    a62dec7d2eed788e3d851349e2f1b8ba7a2096eb02db43e37704775f52d6de60ac13ca798fb13dc7f869c6d250fcaa80abdcb7774ada40a601b48c272f8d544b

  • SSDEEP

    24576:uPQwS+0Q1j19uMjeVV3HK6hfz8kzfGMm8Mth+/LVNzv9WKAeqbqgvkC:20619uJVVXK6qmfGMmdt2VhwK7qb3sC

Malware Config

Extracted

Family

bumblebee

Botnet

HsyIsHsmQu

rc4.plain

Signatures

  • BumbleBee

    BumbleBee is webshell malware written in C++.

  • Suspicious use of NtCreateThreadExHideFromDebugger (1 IoC)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\blagh.dll,#1
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:616

Network

MITRE ATT&CK Matrix

Downloads

  • memory/616-132-0x000001EC6CE60000-0x000001EC6CFD4000-memory.dmp

    Filesize

    1.5MB