Overview

overview

10

Static

static

1

d435c2841e...d6.exe

windows7-x64

10

d435c2841e...d6.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-03-2023 22:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d435c2841e8ce16595f99477f1f4d8e8cc36e6fe4f5ec2fbc0e03ca6085c12d6.exe

  • Size

    1.5MB

  • MD5

    561e2523966d09488de06662d172d94a

  • SHA1

    f55743392cf2d452a24f04af2423842b4f3107e0

  • SHA256

    d435c2841e8ce16595f99477f1f4d8e8cc36e6fe4f5ec2fbc0e03ca6085c12d6

  • SHA512

    d74ed09cb87f3bc2c49a35e674d16dbed0e46b7120ae547d07dd5f421ef5b619fe19e50cb09604f83f2a37a5c17fd1ee60cc5e9222fe2e402f05b277c17eceb3

  • SSDEEP

    24576:EkQI5Ks7XwuMmZTXvE4WuF78k4/I1eBpRa+s+D:Ekb57ZgLrHhiu

Score
10/10
bumblebeelg1703trojan

Malware Config

Extracted

Family

bumblebee

Botnet

lg1703

C2

37.28.155.36:443

192.254.79.101:443

107.189.12.129:443

51.83.248.92:443

194.135.33.184:443

194.135.33.85:443

103.175.16.104:443

205.185.113.34:443

172.86.120.111:443

192.111.146.184:443

209.141.53.174:443

195.133.192.10:443

51.68.144.43:443

157.254.194.119:443

146.19.173.86:443

209.141.40.19:443

160.20.147.242:443

104.168.157.253:443

103.175.16.15:443

51.75.62.204:443
rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d435c2841e8ce16595f99477f1f4d8e8cc36e6fe4f5ec2fbc0e03ca6085c12d6.exe
    "C:\Users\Admin\AppData\Local\Temp\d435c2841e8ce16595f99477f1f4d8e8cc36e6fe4f5ec2fbc0e03ca6085c12d6.exe"
    1⤵
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:1656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1656-133-0x000001A063C20000-0x000001A063D81000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1656-134-0x000001A063C20000-0x000001A063D81000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1656-135-0x000001A063C20000-0x000001A063D81000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1656-136-0x000001A063A20000-0x000001A063AB5000-memory.dmp

    Filesize

    596KB

    Download