Analysis
-
max time kernel
140s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
20-04-2023 17:45
Static task
static1
Behavioral task
behavioral1
Sample
d763681286d9d514420c27210746edd5bb9b563b626c0cdb2c61239292b86535.dll
Resource
win7-20230220-en
windows7-x64
3 signatures
150 seconds
General
-
Target
d763681286d9d514420c27210746edd5bb9b563b626c0cdb2c61239292b86535.dll
-
Size
1.4MB
-
MD5
adcfd6939319c09ad8cbef72a81944a5
-
SHA1
154c1f4bc247d79789ec7eaf0feb92ea0d932445
-
SHA256
d763681286d9d514420c27210746edd5bb9b563b626c0cdb2c61239292b86535
-
SHA512
4f4fb6e9d2c833d4335dc816fbac2b5d25d3b95fdd1dced1b795c5564d367dca533eb743842fcf31ae74563cba451ae55b226e44f05b4745613b8e6e50e010ce
-
SSDEEP
24576:fno8Poz7SOWZlz7nnGqCk//xhxNbcFzPCC5lZXVQ:fjo/+GwPr
Malware Config
Extracted
Family
bumblebee
Botnet
mc1904
C2
146.70.155.82:443
149.3.170.179:443
103.175.16.150:443
rc4.plain
Signatures
-
Blocklisted process makes network request 7 IoCs
flow pid Process 10 4660 rundll32.exe 19 4660 rundll32.exe 31 4660 rundll32.exe 45 4660 rundll32.exe 46 4660 rundll32.exe 48 4660 rundll32.exe 49 4660 rundll32.exe -
Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
pid Process 4660 rundll32.exe