Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
23/02/2023, 01:00 UTC
General
-
Target
a8a25ee71c0e8e4a06cd1573271672b871f78eba5f41803ffda6f14006c81803.exe
-
Size
940KB
-
MD5
1990576c1cc7270e841955ee847917ed
-
SHA1
6a1bdc104349419f7f103407ab43451f0d2e5db2
-
SHA256
a8a25ee71c0e8e4a06cd1573271672b871f78eba5f41803ffda6f14006c81803
-
SHA512
5af0f72faf2577ebe1774be32529e6c922b80577d10695706470d7ae5ef8cb482650889e75b7a27bf73c9b45d58d82ae1e1591579155e7494033a4339507013b
-
SSDEEP
12288:nwqAuOKfZ2j/7LB3qy/lj41q/ypBmP0WbLVgk/6oQZrvXwkr9kqTDPgTzJm:nwoOZl6SJ5vBbXit5xETzJm
Score
10/10
Malware Config
Extracted
Family
bumblebee
Botnet
17maca
C2
108.62.141.20:443
23.108.57.201:443
108.62.118.170:443
rc4.plain
1
XNgHUGLrCD
Signatures
-
BumbleBee
BumbleBee is a webshell malware written in C++.
-
Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a8a25ee71c0e8e4a06cd1573271672b871f78eba5f41803ffda6f14006c81803.exe"C:\Users\Admin\AppData\Local\Temp\a8a25ee71c0e8e4a06cd1573271672b871f78eba5f41803ffda6f14006c81803.exe"1⤵
- Suspicious use of NtCreateThreadExHideFromDebugger
Network
-
DNS62.13.109.52.in-addr.arpaRemote address:8.8.8.8:53Request62.13.109.52.in-addr.arpaIN PTRResponse
-
108.62.141.20:443
-
198.72.79.114:464
-
20.42.73.25:443
-
173.223.113.164:443 -
209.197.3.8:80
-
35.11.247.165:392
-
173.223.113.131:80
-
204.79.197.203:80
-
23.108.57.201:443
-
200.48.91.8:310 -
205.80.85.244:168
-
69.138.251.24:207
-
8.8.8.8:5362.13.109.52.in-addr.arpadns
DNS Request
62.13.109.52.in-addr.arpa
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
556KB
-
Filesize
1.4MB