bumblebee | BumbleBeeLoader[.]bin[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

BumbleBeeLoader.bin.exe
Size

1.4MB
MD5

d5917b4035dabf4e1df81fd79c4d2313
SHA1

458057cfa84c793a18f436b38d996c8e766516d2
SHA256

4a5d5e6537044cdbf8de9960d79c85b15997784ba1b74659dbfcb248ccc94f59
SHA512

56cb5b8a41d986946cd67960a54a3a2c2c1e88676a4f45c019eca2528c7bd4e027bfd40797213b0af65c141d2fd18383c0ee9260639d6617aea157acbde92fda
SSDEEP

24576:UJAx41SXU4LG5Vlcz8PBhNbJgwm9CEl9DAvOBddLfl93pb3:20bG5Vyz8B9gwm95AAdhfD3

Score

10^/10

202lg bumblebee

Malware Config

Extracted

Family

bumblebee

Botnet

202lg

104.168.157.253:443

209.141.40.19:443

107.189.5.17:443

23.254.167.63:443

91.206.178.234:443

146.19.173.86:443

103.175.16.104:443

194.135.33.85:443

173.234.155.246:443

51.68.144.43:443

172.86.120.111:443

160.20.147.242:443

51.75.62.204:443

205.185.113.34:443

194.135.33.184:443

23.82.140.155:443

185.173.34.35:443

rc4.plain

Signatures

Bumblebee family
bumblebee

Files

BumbleBeeLoader.bin.exe
.dll windows x64

431e6e792a56b1691f9196798083e783

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

CertVerifyCertificateChainPolicy
CertCreateCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext

secur32

InitSecurityInterfaceA

shlwapi

PathCombineW
StrStrIW
PathRemoveExtensionW
PathFindFileNameW
PathFileExistsW
StrCmpIW

kernel32

Process32NextW
Process32FirstW
CloseHandle
OpenProcess
GetFileAttributesA
GetCurrentProcess
ResumeThread
CreateEventW
SetEvent
GetThreadContext
GetProcAddress
GetModuleHandleW
SetThreadContext
SetWaitableTimer
TlsSetValue
SetLastError
EnterCriticalSection
CreateWaitableTimerW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
PostQueuedCompletionStatus
FormatMessageW
GetLastError
TerminateThread
TlsAlloc
QueueUserAPC
LocalFree
DeleteCriticalSection
VerSetConditionMask
WideCharToMultiByte
SleepEx
VerifyVersionInfoW
TlsGetValue
TlsFree
FormatMessageA
CreateIoCompletionPort
AreFileApisANSI
ReadFile
SetHandleInformation
CreateNamedPipeA
WriteFile
TerminateProcess
GetCurrentThreadId
GetSystemDirectoryW
MultiByteToWideChar
CreateFileA
GetEnvironmentStrings
CreateProcessA
FreeEnvironmentStringsA
GetExitCodeProcess
LoadLibraryW
Sleep
Thread32Next
Thread32First
GetModuleHandleA
LoadLibraryA
VirtualProtectEx
OpenThread
HeapFree
VirtualAlloc
lstrlenA
CreateFileW
CreateToolhelp32Snapshot
HeapAlloc
GetFileSize
GetProcessHeap
GetModuleFileNameA
GetModuleFileNameW
SetFilePointer
lstrcmpA
VirtualProtect
VirtualFree
Wow64DisableWow64FsRedirection
ExpandEnvironmentStringsW
Wow64RevertWow64FsRedirection
GetWindowsDirectoryW
GetCurrentDirectoryW
GlobalMemoryStatusEx
GetTickCount
GetFileAttributesW
GetStdHandle
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
WaitForSingleObject
GetCurrentProcessId
CopyFileA
lstrcatA
GetTempFileNameW
CopyFileW
DeleteFileW
FindClose
GetTempPathW
FindNextFileW
FindFirstFileW
ReadConsoleW
HeapSize
SetEndOfFile
GetCommandLineA
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
GetOEMCP
IsValidCodePage
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
ExitProcess
GetACP
GetModuleHandleExW
ExitThread
RtlUnwindEx
HeapReAlloc
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
InitializeSListHead
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
RtlPcToFileHeader
EncodePointer
DecodePointer
RaiseException
QueryPerformanceCounter
QueryPerformanceFrequency
TryEnterCriticalSection
GetSystemTimeAsFileTime

user32

FindWindowW
GetCursorPos

advapi32

RegQueryValueExW
GetUserNameW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
EnumServicesStatusExW
OpenSCManagerW
LookupPrivilegeValueW
CloseServiceHandle

shell32

SHGetKnownFolderPath
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoTaskMemFree
CoSetProxyBlanket

oleaut32

SafeArrayGetUBound
VariantClear
SysAllocString
SysFreeString
VariantInit
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayGetLBound

mpr

WNetGetProviderNameW

iphlpapi

GetAdaptersInfo

wtsapi32

WTSEnumerateProcessesA
WTSFreeMemory

ws2_32

WSAStartup
connect
getsockopt
getaddrinfo
WSASocketW
WSARecv
WSAGetLastError
WSASetLastError
shutdown
setsockopt
ioctlsocket
freeaddrinfo
WSACleanup
closesocket
WSASend
select

rpcrt4

RpcServerListen
RpcBindingFree
NdrServerCall2
RpcServerUseProtseqEpA
RpcServerRegisterIfEx

Exports

Exports

dataCheck
setPath

Sections

.text
Size: 934KB - Virtual size: 933KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

431e6e792a56b1691f9196798083e783

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

secur32

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

mpr

iphlpapi

wtsapi32

ws2_32

rpcrt4

Exports

Exports

Sections

.text Size: 934KB - Virtual size: 933KB

.rdata Size: 358KB - Virtual size: 358KB

.data Size: 83KB - Virtual size: 111KB

.pdata Size: 50KB - Virtual size: 50KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 5KB - Virtual size: 5KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 934KB - Virtual size: 933KB

.rdata
Size: 358KB - Virtual size: 358KB

.data
Size: 83KB - Virtual size: 111KB

.pdata
Size: 50KB - Virtual size: 50KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 5KB - Virtual size: 5KB

.reloc
Size: 7KB - Virtual size: 7KB