Overview

overview

10

Static

static

1

Documents ...3D.exe

windows7-x64

10

Documents ...3D.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Documents invoice-plan_032023D.exe

  • Size

    1.5MB

  • Sample

    230318-bzrfjacg81

  • MD5

    f7a10eb821d8240c575b688d837ae937

  • SHA1

    c58d0c8ed6f9120ec68d9f39ba72c487583b5aef

  • SHA256

    292a354782e33a4cec2fbe5e24d3d464d7978d7f676f50b4a28c86a722a99a5f

  • SHA512

    2eb2d1c451124567be49cf24fcb80eabf0cd344f74decc73e773bb4ec0832916d16e6a809b3ca88759509585458b02cb8b44ecde0cbfb909eab83a2990c11751

  • SSDEEP

    24576:llitobyFBDzaedo/ngn0W8pHa7YpmxCvWB9ImnxDgB:llitoGBaZCqMYpmx+WBWIxDO

Score
10/10
bumblebeelg1703trojan

Malware Config

Extracted

Family

bumblebee

Botnet

lg1703

C2

37.28.155.36:443

192.254.79.101:443

107.189.12.129:443

51.83.248.92:443

194.135.33.184:443

194.135.33.85:443

103.175.16.104:443

205.185.113.34:443

172.86.120.111:443

192.111.146.184:443

209.141.53.174:443

195.133.192.10:443

51.68.144.43:443

157.254.194.119:443

146.19.173.86:443

209.141.40.19:443

160.20.147.242:443

104.168.157.253:443

103.175.16.15:443

51.75.62.204:443
rc4.plain

Targets

    • Target

      Documents invoice-plan_032023D.exe

    • Size

      1.5MB

    • MD5

      f7a10eb821d8240c575b688d837ae937

    • SHA1

      c58d0c8ed6f9120ec68d9f39ba72c487583b5aef

    • SHA256

      292a354782e33a4cec2fbe5e24d3d464d7978d7f676f50b4a28c86a722a99a5f

    • SHA512

      2eb2d1c451124567be49cf24fcb80eabf0cd344f74decc73e773bb4ec0832916d16e6a809b3ca88759509585458b02cb8b44ecde0cbfb909eab83a2990c11751

    • SSDEEP

      24576:llitobyFBDzaedo/ngn0W8pHa7YpmxCvWB9ImnxDgB:llitoGBaZCqMYpmx+WBWIxDO

    Score
    10/10
    bumblebeelg1703trojan

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

      trojanbumblebee

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks