Analysis
-
max time kernel
149s -
max time network
155s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
10-02-2023 01:00
General
-
Target
071808d3ef79b01ad8bab9ff9d031e66ddd89d61b973dd680c7e9a8362c1546e.dll
-
Size
1.1MB
-
MD5
22c884dd78b0ab7f6c6c5eedd37a4e89
-
SHA1
4674e0c2a601d15c3dc6a9e273c77b93ee44796f
-
SHA256
071808d3ef79b01ad8bab9ff9d031e66ddd89d61b973dd680c7e9a8362c1546e
-
SHA512
b0f06d1956c36b1c03f03d9a3cc19eeff5071b974f7fcbce6a7f08225709b543efc4fd2829d5ebe461f13295b28df88680602c13470e9ad86314f0f839580a78
-
SSDEEP
24576:/cgtVNEgRC+Bk1zJGa41QUF7BRQQRNEEEh9g7aEgxPNOa:ptzEmC+W114qUdgQXaiq
Score
10/10
Malware Config
Extracted
Family
bumblebee
Botnet
80223
C2
205.185.113.34:443
172.86.120.111:443
23.254.167.63:443
103.175.16.104:443
rc4.plain
Signatures
-
BumbleBee
BumbleBee is a webshell malware written in C++.
-
Blocklisted process makes network request 6 IoCs
-
Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\071808d3ef79b01ad8bab9ff9d031e66ddd89d61b973dd680c7e9a8362c1546e.dll,#11⤵
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.4MB
-
Filesize
508KB