General

  • Target

    sample.dll

  • Size

    903KB

  • Sample

    230203-v4xb5abh2t

  • MD5

    a740177df6f2918373d4e6f482b8c2e3

  • SHA1

    4501edd7904033cfdee783c03af2df0db935be30

  • SHA256

    51bb71bd446bd7fc03cc1234fcc3f489f10db44e312c9ce619b937fad6912656

  • SHA512

    ec45deeffd340dafecd065d22823df9a6f7e3cbc03e64316b6b7433f051a060c610e2c2d3df03d33966b05b03183af56074cc81a8383bcbf8fb0e61dc22dad73

  • SSDEEP

    24576:gYfSxQ6Gjq/v/PQ7fV+Hz9PuYWp9ToAbXjTA+JxN9QS:/fSqovPQ7Cs9FbTTAAbx

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

tokdll

C2

195.20.17.233:443

192.111.146.189:443

62.113.238.73:443

rc4.plain

Targets

    • Target

      sample.dll

    Score
    10/10
    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Blocklisted process makes network request

    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Matrix

Tasks