Overview

overview

10

Static

static

1

reviews.dll

windows7-x64

10

reviews.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    134s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    21-02-2023 18:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    reviews.dll

  • Size

    5.5MB

  • MD5

    4d409aebb3389bd35d81778ea797ad6e

  • SHA1

    058886b2012164dc54ba8be6316cc1ce02343f8f

  • SHA256

    c770b2a5a9a01f84785a965a2eab1430ce0fa8b7ecec61715f00ef69c84448c2

  • SHA512

    7ceedce04e7a39b0186ca369acc015e2b3c8247c9fcdbcd9fe334fa052b5db134020106e09bad704961392d0dddc8c9698058ac057f470dbfbf6e7e85110a3a2

  • SSDEEP

    49152:prv+wvEd7anDUyHxzAjK5GhknnzO63+uaLggO61SwcEunJFxs:prv+wvEd7anDUyHx

Score
10/10
bumblebee212cctrojan

Malware Config

Extracted

Family

bumblebee

Botnet

212cc

C2

205.185.113.34:443

185.173.34.35:443

160.20.147.242:443

195.20.17.75:443

91.206.178.234:443

104.168.157.253:443

146.19.173.86:443

86.106.131.105:443

51.75.62.204:443

51.68.144.43:443

103.175.16.13:443

23.254.167.63:443

23.82.140.155:443

185.17.40.138:443

192.111.146.178:443

157.254.194.117:443

194.135.33.184:443

172.86.120.111:443

103.175.16.104:443

173.234.155.246:443
rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee
  • Blocklisted process makes network request 7 IoCs
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\reviews.dll,JLAFOcpbWdVd
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2044-54-0x0000000002070000-0x00000000021D1000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2044-55-0x0000000001F10000-0x000000000206E000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2044-56-0x0000000002070000-0x00000000021D1000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2044-57-0x0000000002070000-0x00000000021D1000-memory.dmp

    Filesize

    1.4MB

    Download