Analysis

max time kernel: 147s
max time network: 152s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64 arch:x86 image:win7-20220901-en locale:en-us os:windows7-x64 system
submitted: 11-02-2023 13:28

Static task: static1
Behavioral task: behavioral1
Sample: c9eb997b9af05af641a3708b006e34e6a9a4e7755fca72205cd187110375e7ac.dll
Resource: win7-20220901-en
3 signatures
150 seconds
General

Target: c9eb997b9af05af641a3708b006e34e6a9a4e7755fca72205cd187110375e7ac.dll
Size: 1.1MB
MD5: 0754f0df91f71d2e36f234c3852b157b
SHA1: 6af19eb260bae0f01d13e6d618d93d63eb82d7c5
SHA256: c9eb997b9af05af641a3708b006e34e6a9a4e7755fca72205cd187110375e7ac
SHA512: f944a79b5852c7b8280dc479e2d4fd06bb09bbdb566bc5cbb4dc8340477204139ec4b9b0acbee3b7e3a3b2bc73f869f1e1d691690a35c9e9f711ab17e43f9deb
SSDEEP: 24576:UxhinDzFYOcJpi16vsYSPN93IlZn3oCwg8LKMYL31IQNV:6iDnYc16vJO9QoC1M2N
Malware Config

Extracted
Family: bumblebee
Botnet: 102lg
C2:
  146.70.29.237:443
  205.185.113.34:443
  23.106.223.182:443
  103.144.139.146:443
rc4.plain
Signatures

Blocklisted process makes network request (10 IoCs)

flow  pid   Process
1     1204  rundll32.exe
2     1204  rundll32.exe
4     1204  rundll32.exe
5     1204  rundll32.exe
6     1204  rundll32.exe
7     1204  rundll32.exe
8     1204  rundll32.exe
11    1204  rundll32.exe
12    1204  rundll32.exe
13    1204  rundll32.exe

Suspicious use of NtCreateThreadExHideFromDebugger (1 IoC)

pid   Process
1204  rundll32.exe