bumblebee | 2d5c9b33ed298f5fb67ce869c74b2f2ec9179a924780da65fcbc1a0e0463c5d0

Analysis

max time kernel
141s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
04-03-2023 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LoaderDLL.bin.dll
Size

1.4MB
MD5

deea9419fa5187f9f454609d4d173c19
SHA1

81557fb9c53bae28c27ef6120c94c30012b408fa
SHA256

2d5c9b33ed298f5fb67ce869c74b2f2ec9179a924780da65fcbc1a0e0463c5d0
SHA512

373362932236347a7bfc06c86a1aa746cfdacafaf5b5433e368396c69a8e46039044d243cf812a163cfd1ebb796bea7480c2b495c25d7509719703f2b3da33ef
SSDEEP

24576:GJAx41SXU4LG5Vlcz8PBhNbJgwm9CEl9DAvOBddLfl93pb3:g0bG5Vyz8B9gwm95AAdhfD3

Score

10^/10

bumblebee 202lg trojan

Malware Config

Extracted

Family

bumblebee

Botnet

202lg

104.168.157.253:443

209.141.40.19:443

107.189.5.17:443

23.254.167.63:443

91.206.178.234:443

146.19.173.86:443

103.175.16.104:443

194.135.33.85:443

173.234.155.246:443

51.68.144.43:443

172.86.120.111:443

160.20.147.242:443

51.75.62.204:443

205.185.113.34:443

194.135.33.184:443

23.82.140.155:443

185.173.34.35:443

rc4.plain

Signatures

BumbleBee
BumbleBee is a webshell malware written in C++.
trojan bumblebee

Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

pid	Process
4332	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\LoaderDLL.bin.dll,#1
1⤵
- Suspicious use of NtCreateThreadExHideFromDebugger
PID:4332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4332-133-0x000001E5D27B0000-0x000001E5D2924000-memory.dmp

Filesize
1.5MB

Download
memory/4332-134-0x00007FFB91970000-0x00007FFB91971000-memory.dmp

Filesize
4KB

Download