bumblebee | 9e84ae14e226a5c9a3efd85d1b5df6869aab9245cddb4ae6eb81e943886253d6

Analysis

max time kernel
31s
max time network
35s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
22-03-2023 14:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9e84ae14e226a5c9a3efd85d1b5df6869aab9245cddb4ae6eb81e943886253d6.dll
Size

1.0MB
MD5

15fed1d31f4af4928e915b36f4baa88e
SHA1

32954f133e1713b18f45576dc3244bff47cc19cd
SHA256

9e84ae14e226a5c9a3efd85d1b5df6869aab9245cddb4ae6eb81e943886253d6
SHA512

15b19901f11f054db976f682e1fe8c84c4cea37ac36956e49844448649c7b73a86bdd2285881e0955af7c14418a45bb0febcaa5e04189c87f2196673671c51ef
SSDEEP

24576:meO5bAblScTMT7qZrP7A/lVXiZb0d9hMwPsmBcm8C:membTc8mZr7A7i90nh7Em1

Score

10^/10

bumblebee mvtm1703 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

mvtm1703

194.135.33.182:443

205.185.127.176:443

103.175.16.133:443

45.61.187.204:443

rc4.plain

Signatures

BumbleBee
BumbleBee is a webshell malware written in C++.
trojan bumblebee

Blocklisted process makes network request 1 IoCs

flow	pid	Process
1	1780	rundll32.exe

Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

pid	Process
1780	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1356	1780	WerFault.exe	18

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 1356	1780	rundll32.exe	27
PID 1780 wrote to memory of 1356	1780	rundll32.exe	27
PID 1780 wrote to memory of 1356	1780	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9e84ae14e226a5c9a3efd85d1b5df6869aab9245cddb4ae6eb81e943886253d6.dll,#1
1⤵
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1780 -s 480
  2⤵
  - Program crash
  PID:1356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1780-54-0x0000000002DF0000-0x0000000002F51000-memory.dmp

Filesize
1.4MB

Download
memory/1780-55-0x0000000001E40000-0x0000000001ECA000-memory.dmp

Filesize
552KB

Download
memory/1780-56-0x0000000002DF0000-0x0000000002F51000-memory.dmp

Filesize
1.4MB

Download
memory/1780-57-0x0000000002DF0000-0x0000000002F51000-memory.dmp

Filesize
1.4MB

Download
memory/1780-58-0x0000000002DF0000-0x0000000002F51000-memory.dmp

Filesize
1.4MB

Download