General
-
Target
d435c2841e8ce16595f99477f1f4d8e8cc36e6fe4f5ec2fbc0e03ca6085c12d6
-
Size
1.5MB
-
Sample
230319-2llk8sce7w
-
MD5
561e2523966d09488de06662d172d94a
-
SHA1
f55743392cf2d452a24f04af2423842b4f3107e0
-
SHA256
d435c2841e8ce16595f99477f1f4d8e8cc36e6fe4f5ec2fbc0e03ca6085c12d6
-
SHA512
d74ed09cb87f3bc2c49a35e674d16dbed0e46b7120ae547d07dd5f421ef5b619fe19e50cb09604f83f2a37a5c17fd1ee60cc5e9222fe2e402f05b277c17eceb3
-
SSDEEP
24576:EkQI5Ks7XwuMmZTXvE4WuF78k4/I1eBpRa+s+D:Ekb57ZgLrHhiu
Malware Config
Extracted
bumblebee
lg1703
37.28.155.36:443
192.254.79.101:443
107.189.12.129:443
51.83.248.92:443
194.135.33.184:443
194.135.33.85:443
103.175.16.104:443
205.185.113.34:443
172.86.120.111:443
192.111.146.184:443
209.141.53.174:443
195.133.192.10:443
51.68.144.43:443
157.254.194.119:443
146.19.173.86:443
209.141.40.19:443
160.20.147.242:443
104.168.157.253:443
103.175.16.15:443
51.75.62.204:443
Targets
-
-
Target
d435c2841e8ce16595f99477f1f4d8e8cc36e6fe4f5ec2fbc0e03ca6085c12d6
-
Size
1.5MB
-
MD5
561e2523966d09488de06662d172d94a
-
SHA1
f55743392cf2d452a24f04af2423842b4f3107e0
-
SHA256
d435c2841e8ce16595f99477f1f4d8e8cc36e6fe4f5ec2fbc0e03ca6085c12d6
-
SHA512
d74ed09cb87f3bc2c49a35e674d16dbed0e46b7120ae547d07dd5f421ef5b619fe19e50cb09604f83f2a37a5c17fd1ee60cc5e9222fe2e402f05b277c17eceb3
-
SSDEEP
24576:EkQI5Ks7XwuMmZTXvE4WuF78k4/I1eBpRa+s+D:Ekb57ZgLrHhiu
Score10/10-
BumbleBee
BumbleBee is a webshell malware written in C++.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-