Overview

overview

10

Static

static

1

Setup_Win_...26.exe

windows7-x64

10

Setup_Win_...26.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    21-02-2023 16:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup_Win_21-02-2023_16-12-26.exe

  • Size

    940KB

  • MD5

    1990576c1cc7270e841955ee847917ed

  • SHA1

    6a1bdc104349419f7f103407ab43451f0d2e5db2

  • SHA256

    a8a25ee71c0e8e4a06cd1573271672b871f78eba5f41803ffda6f14006c81803

  • SHA512

    5af0f72faf2577ebe1774be32529e6c922b80577d10695706470d7ae5ef8cb482650889e75b7a27bf73c9b45d58d82ae1e1591579155e7494033a4339507013b

  • SSDEEP

    12288:nwqAuOKfZ2j/7LB3qy/lj41q/ypBmP0WbLVgk/6oQZrvXwkr9kqTDPgTzJm:nwoOZl6SJ5vBbXit5xETzJm

Score
10/10
bumblebee17macatrojan

Malware Config

Extracted

Family

bumblebee

Botnet

17maca

C2

108.62.141.20:443

23.108.57.201:443

108.62.118.170:443
rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup_Win_21-02-2023_16-12-26.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup_Win_21-02-2023_16-12-26.exe"
    1⤵
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:1108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1108-54-0x0000000000610000-0x0000000000771000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1108-55-0x0000000000610000-0x0000000000771000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1108-56-0x00000000000D0000-0x000000000015B000-memory.dmp

    Filesize

    556KB

    Download

  • memory/1108-57-0x0000000000610000-0x0000000000771000-memory.dmp

    Filesize

    1.4MB

    Download