Analysis
-
max time kernel
145s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
20-02-2023 15:34
General
-
Target
sites.dll
-
Size
1.0MB
-
MD5
f45158898ff7d51ee58bb3ed074c7641
-
SHA1
00fc74c4ed5839c04e2a0020efeda9dedaa8c107
-
SHA256
955f07f3e905c8f113cd545ea70cf0a23e305ed3aafa9675e0780fdb366f6456
-
SHA512
1987312187ac48e80100f7b18a13fe7fb399c9cb319af2047101e2c9862fe3f80a5132df08f5c755b774478c4fb7fbd3aed0cf1719a30381829f56b6c462678d
-
SSDEEP
24576:2pAVUZL/hhrQHOznbrMOA+OlnDrN/LFPsNmM:2pfROOz/MO09SM
Score
10/10
Malware Config
Extracted
Family
bumblebee
Botnet
202cc
C2
23.82.140.155:443
195.20.17.75:443
104.168.157.253:443
160.20.147.242:443
103.175.16.104:443
51.68.144.43:443
23.254.167.63:443
205.185.113.34:443
51.75.62.204:443
91.206.178.234:443
185.173.34.35:443
146.19.173.86:443
86.106.131.105:443
172.86.120.111:443
192.111.146.178:443
173.234.155.246:443
194.135.33.184:443
rc4.plain
Signatures
-
BumbleBee
BumbleBee is a webshell malware written in C++.
-
Blocklisted process makes network request 8 IoCs
-
Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\sites.dll,zEUoJRLwJHTo1⤵
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.4MB
-
Filesize
512KB