Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/02/2023, 06:48 UTC

General

  • Target

    Contract_02_21_Copy#62.exe

  • Size

    1.4MB

  • MD5

    265823c02612858ba4ce8b8953a48d95

  • SHA1

    7452a48dffc4e5a2fdbb72531b0a4e123ce240e5

  • SHA256

    ccfac10bb3c4891323c4ea633ccb1e4afbc322541f594bf829e2864c7cab3fdc

  • SHA512

    6fb865d7a39fa9d9bab647a3c3946e6a5a26e1d5d219d1e6bc576788f463f258c8e4acb76ca40a2e8b7640957b2c53c375ba601b74ed404c3ef7921e611bad49

  • SSDEEP

    24576:IkA96A3job7wuLBVzKc8KJ4xc3dE0oTfs3erB:IzB30b7XtVJd3dE/E3Y

Score
10/10

Malware Config

Extracted

  • Family
    bumblebee
  • Botnet
    21maca
  • C2
    108.62.141.20:443
    104.168.140.145:443
    51.68.145.171:443
    108.62.118.170:443
    192.119.72.133:443
    23.108.57.201:443
  • rc4.plain
    XNgHUGLrCD
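The values above are what a config extractor recovers from a BumbleBee sample: the loader keeps its RC4 key as a plaintext string (hence the rc4.plain label) and the botnet ID and C2 list as RC4-encrypted buffers, the C2 list decrypting to a comma-separated run of ip:port pairs. The Python below is an added example of that decryption step; it is not tria.ge's extractor and not code from the malware. Because the page does not include the encrypted bytes, the blobs are constructed here by encrypting the page's own values under the page's key, and the fixed-size NUL-padded buffers are an assumption about the layout.

```python
"""Decrypt a BumbleBee-style RC4 configuration.

Added example, not tria.ge's extractor or the malware's code.
Assumed layout: the RC4 key is a plaintext string, the botnet ID and the
C2 list are RC4-encrypted NUL-padded buffers, and the decrypted C2 list
is "ip:port,ip:port,...".
"""
import ipaddress


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def parse_c2_list(decrypted: bytes) -> list:
    """Turn the decrypted 'ip:port,ip:port' string into validated (ip, port) pairs.

    Validation matters: with the wrong key or offset RC4 yields garbage that
    still "decrypts", and the ValueError here is how you notice.
    """
    endpoints = []
    for item in decrypted.rstrip(b"\x00").decode("ascii").split(","):
        if not item:
            continue
        host, _, port = item.rpartition(":")
        ipaddress.ip_address(host)            # raises ValueError on non-IP text
        port = int(port)
        if not 0 < port < 65536:
            raise ValueError(f"bad port in C2 entry {item!r}")
        endpoints.append((host, port))
    return endpoints


def decrypt_config(key: bytes, botnet_blob: bytes, c2_blob: bytes) -> dict:
    """Return the same fields the report shows under 'Extracted'."""
    return {
        "rc4.plain": key.decode("ascii"),
        "botnet": rc4(key, botnet_blob).rstrip(b"\x00").decode("ascii"),
        "c2": parse_c2_list(rc4(key, c2_blob)),
    }


# Values from this report. The encrypted blobs are CONSTRUCTED here by
# encrypting those values under the reported key, since the page has no raw bytes.
KEY = b"XNgHUGLrCD"
PAGE_BOTNET = b"21maca"
PAGE_C2 = ("108.62.141.20:443,104.168.140.145:443,51.68.145.171:443,"
           "108.62.118.170:443,192.119.72.133:443,23.108.57.201:443")
BOTNET_BLOB = rc4(KEY, PAGE_BOTNET.ljust(16, b"\x00"))      # assumed 16-byte buffer
C2_BLOB = rc4(KEY, PAGE_C2.encode().ljust(256, b"\x00"))    # assumed 256-byte buffer

if __name__ == "__main__":
    cfg = decrypt_config(KEY, BOTNET_BLOB, C2_BLOB)
    print("botnet:", cfg["botnet"])
    for host, port in cfg["c2"]:
        print(f"c2: {host}:{port}")
```

On a real sample the blobs come from the binary (the key string and the encrypted buffers sit in the data section and are located by pattern or by the references from the decryption routine); the parsing and validation step is the same.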

Signatures

  • BumbleBee

    BumbleBee is a loader (downloader) written in C++; the extracted configuration above (RC4 key, botnet ID, C2 list) is the loader's.

  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoC

    The sample created a thread through NtCreateThreadEx with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER flag (0x4), so an attached debugger receives no events for that thread. This is an anti-analysis technique; ordinary software has no reason to set it.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Contract_02_21_Copy#62.exe (PID 5036)
    command line: "C:\Users\Admin\AppData\Local\Temp\Contract_02_21_Copy#62.exe"
    • Suspicious use of NtCreateThreadExHideFromDebugger

    No child processes were recorded; the process tree consists of the sample alone.

Network

  Column assignment reconstructed from the flattened listing: bytes sent, bytes received, packets sent / packets received. Rows that showed only two values are given as sent bytes and sent packets.

  Remote address        Process                      Sent    Received  Packets
  8.8.8.8:53 (DNS)      -                            70 B    144 B     1 / 1
  40.193.27.226:315     Contract_02_21_Copy#62.exe   260 B   -         5
  197.170.198.152:234   Contract_02_21_Copy#62.exe   260 B   -         5
  20.189.173.4:443      -                            322 B   -         7
  163.223.67.191:321    Contract_02_21_Copy#62.exe   260 B   -         5
  209.197.3.8:80        -                            322 B   -         7
  73.237.181.95:225     Contract_02_21_Copy#62.exe   260 B   -         5
  173.223.113.164:443   -                            322 B   -         7
  173.223.113.131:80    -                            322 B   -         7
  204.79.197.203:80     - (api.msn.com)              322 B   -         7
  210.251.33.116:444    Contract_02_21_Copy#62.exe   260 B   -         5
  84.35.30.131:488      Contract_02_21_Copy#62.exe   260 B   -         5
  112.55.152.187:175    Contract_02_21_Copy#62.exe   156 B   -         3

  DNS request (to 8.8.8.8): PTR 45.8.109.52.in-addr.arpa, i.e. a reverse lookup of 52.109.8.45. The listing records a 144 B response but shows no response content.

  Reading the table: every connection attributed to the sample amounts to 52 bytes per packet (260 B over 5, 156 B over 3) with nothing received, which is consistent with TCP SYNs that were never answered; none of the six C2 endpoints in the extracted config was contacted during the run, and the addresses the sample did try do not appear in that config. The rows with no attributed process (322 B over 7 packets, including api.msn.com) are sandbox background traffic rather than sample activity.
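The cross-check described for the connection summary above, as an added example that is not part of the tria.ge report: it labels each row as sample traffic or unattributed background traffic, flags sample flows whose every packet is SYN-sized with nothing received, and reports which config C2 endpoints were actually contacted. The rows are constructed from the report's listing; the column meaning (bytes sent, packets sent, no bytes received) and the 52-byte Windows SYN size are assumptions stated in the code.

```python
"""Cross-check a sandbox connection summary against an extracted C2 list.

Added example, not part of the tria.ge report. Column meaning is an
assumption: each row is (remote, process, bytes_sent, bytes_received,
packets_sent) as read off the report's network listing, with
bytes_received = 0 where the listing showed nothing received.
"""
from collections import namedtuple

Conn = namedtuple("Conn", "remote process bytes_sent bytes_received packets_sent")

SAMPLE = "Contract_02_21_Copy#62.exe"

# Constructed from the report's network listing (process None = not attributed).
OBSERVED = [
    Conn("40.193.27.226:315",   SAMPLE, 260, 0, 5),
    Conn("197.170.198.152:234", SAMPLE, 260, 0, 5),
    Conn("20.189.173.4:443",    None,   322, 0, 7),
    Conn("163.223.67.191:321",  SAMPLE, 260, 0, 5),
    Conn("209.197.3.8:80",      None,   322, 0, 7),
    Conn("73.237.181.95:225",   SAMPLE, 260, 0, 5),
    Conn("173.223.113.164:443", None,   322, 0, 7),
    Conn("173.223.113.131:80",  None,   322, 0, 7),
    Conn("204.79.197.203:80",   None,   322, 0, 7),
    Conn("210.251.33.116:444",  SAMPLE, 260, 0, 5),
    Conn("84.35.30.131:488",    SAMPLE, 260, 0, 5),
    Conn("112.55.152.187:175",  SAMPLE, 156, 0, 3),
]

# The six C2 endpoints from the report's extracted config.
CONFIG_C2 = {
    "108.62.141.20:443", "104.168.140.145:443", "51.68.145.171:443",
    "108.62.118.170:443", "192.119.72.133:443", "23.108.57.201:443",
}

# Assumption: a Windows 10 TCP SYN is 52 bytes at the IP layer
# (20 IP + 20 TCP + 12 bytes of options), so a flow whose every packet is
# 52 bytes and that received nothing is a connect attempt nobody answered.
SYN_SIZE = 52


def triage(observed, config_c2, sample_process):
    """Classify rows and compare the sample's destinations with the config."""
    syn_only, other, background = [], [], []
    for c in observed:
        if c.process != sample_process:
            background.append(c.remote)
        elif (c.packets_sent and c.bytes_received == 0
              and c.bytes_sent == SYN_SIZE * c.packets_sent):
            syn_only.append(c.remote)
        else:
            other.append(c.remote)
    sample_dests = {c.remote for c in observed if c.process == sample_process}
    contacted = sorted(config_c2 & sample_dests)
    return {
        "config_c2_contacted": contacted,
        "config_c2_silent": sorted(config_c2 - set(contacted)),
        "unanswered_syn": syn_only,
        "sample_other_traffic": other,
        "not_attributed": background,
    }


if __name__ == "__main__":
    for key, value in triage(OBSERVED, CONFIG_C2, SAMPLE).items():
        print(f"{key}: {value}")
```

The useful output here is the empty config_c2_contacted list: a 10/10 score with a decrypted C2 list does not mean the run reached that infrastructure, and the sample's own connection attempts went elsewhere and got no reply, so network-based conclusions from this run should be limited to the config itself.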

Downloads

  • memory/5036-133-0x000001DFC4190000-0x000001DFC42F1000-memory.dmp   1.4MB
  • memory/5036-134-0x000001DFC4190000-0x000001DFC42F1000-memory.dmp   1.4MB
  • memory/5036-135-0x000001DFC4190000-0x000001DFC42F1000-memory.dmp   1.4MB
  • memory/5036-136-0x000001DFC3F80000-0x000001DFC400B000-memory.dmp   556KB

  The first three dumps are the same 0x161000-byte (1,445,888 B) region of PID 5036 captured at three points (the 133/134/135 suffixes), matching the 1.4MB size of the file on disk; the fourth is a separate 0x8B000-byte (569,344 B) region.
