Overview

overview

10

Static

static

1

inst5.exe

windows7-x64

10

inst5.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    130s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    05-04-2023 07:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    inst5.exe

  • Size

    1.6MB

  • MD5

    e8b42b455ad5c4d250dd4fd42b227fc4

  • SHA1

    b1407fe42481ab0a707bb2cb161ebdc00c55c513

  • SHA256

    9570591e6b867c4f84aa74812957f13bc648ba7d2f1cbff9545005ededcb45f9

  • SHA512

    821cdbad69ecdf13293b88ec89252503dc67c874f5b34859769cdd37047520ff13f818443aee53a7e8c1793c44f439de2ea0d09a74170ff0020bf0aaab93c4e3

  • SSDEEP

    24576:tCqGvilxnZNLziKkRvfGbc7UxlG5BhC526U2Lo+1f0EN:tCD4Zyxa9lrDZ

Score
10/10
bumblebeeinsttrojan

Malware Config

Extracted

Family

bumblebee

Botnet

inst

C2

37.79.205.12:443

51.83.255.85:443

192.119.81.86:443

23.106.215.141:443

194.15.216.247:443

104.168.244.96:443
rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\inst5.exe
    "C:\Users\Admin\AppData\Local\Temp\inst5.exe"
    1⤵
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2044-54-0x0000000000560000-0x00000000006C1000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2044-55-0x0000000000230000-0x00000000002C1000-memory.dmp

    Filesize

    580KB

    Download

  • memory/2044-56-0x0000000000560000-0x00000000006C1000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2044-57-0x0000000000560000-0x00000000006C1000-memory.dmp

    Filesize

    1.4MB

    Download