Analysis
-
max time kernel
128s -
max time network
178s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
11-02-2023 13:26
General
-
Target
21518b72a38ce7cadd7a8d378c7a0ce64b8902293395cb3473f20955de615b49.dll
-
Size
1.1MB
-
MD5
347f3b70470e745d129d22c4497613f2
-
SHA1
daa009dd042be35a27cbdf030490095b0a34fbea
-
SHA256
21518b72a38ce7cadd7a8d378c7a0ce64b8902293395cb3473f20955de615b49
-
SHA512
c956115898b085535780c8791099a12b60a8050c3ad5536c5e486db29c18e13c706329e259355e197fb94493575990952295f2b0b9c9ebeb80788c048a083b0e
-
SSDEEP
24576:m36bYNlX4Y64TrO2CFriuKmykVq169HdK3AorTHMxsdRa:TYNxp64OHBqs5oPHh
Score
10/10
Malware Config
Extracted
Family
bumblebee
Botnet
102lg
C2
146.70.29.237:443
205.185.113.34:443
23.106.223.182:443
103.144.139.146:443
rc4.plain
Signatures
-
BumbleBee
BumbleBee is a webshell malware written in C++.
-
Blocklisted process makes network request 6 IoCs
-
Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\21518b72a38ce7cadd7a8d378c7a0ce64b8902293395cb3473f20955de615b49.dll,stProgNew1⤵
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.4MB
-
Filesize
508KB