bumblebee | bumble[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

bumble.bin
Size

1.4MB
MD5

0432dc279cbe519e4a35c4b2dba8b0cd
SHA1

c65318792a607947dcf3ab889fe10de98139b6e3
SHA256

d6fd979020f6dd1d550b08fe33fec962359efe1479fca5a7d4240e9e05540cf0
SHA512

270cffa65df1006c67057310911033b8b4d67cb3d21233d65283502a594c7270b7780203476d5e95bd6923002c70cc527ccd961bc7adcfd45184638fa040d88c
SSDEEP

24576:VO2dVaRrhSk8Bhwm2z8f6ZzoIo9Zx/f9FwwxlXwP20/Yibi:yrEk8wm2Yf6Zdo9Zx/nrxROP/b+

Score

10^/10

mc1904 bumblebee

Malware Config

Extracted

Family

bumblebee

Botnet

mc1904

146.70.155.82:443

149.3.170.179:443

103.175.16.150:443

rc4.plain

Signatures

Bumblebee family
bumblebee

Files

bumble.bin
.dll windows x64

2fe2e7082a95cdfb4a2c89d515c31d6e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

CertVerifyCertificateChainPolicy
CertCreateCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext

secur32

InitSecurityInterfaceA

shlwapi

PathCombineW
StrStrIW
PathRemoveExtensionW
PathFindFileNameW
PathFileExistsW
StrCmpIW

kernel32

Process32NextW
Process32FirstW
CloseHandle
OpenProcess
GetFileAttributesA
GetCurrentProcess
ResumeThread
CreateEventW
SetEvent
GetThreadContext
GetProcAddress
GetModuleHandleW
SetThreadContext
SetWaitableTimer
TlsSetValue
SetLastError
EnterCriticalSection
CreateWaitableTimerW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
PostQueuedCompletionStatus
FormatMessageW
GetLastError
TerminateThread
TlsAlloc
QueueUserAPC
LocalFree
DeleteCriticalSection
VerSetConditionMask
WideCharToMultiByte
SleepEx
VerifyVersionInfoW
TlsGetValue
TlsFree
FormatMessageA
CreateIoCompletionPort
AreFileApisANSI
ReadFile
SetHandleInformation
CreateNamedPipeA
WriteFile
TerminateProcess
GetCurrentThreadId
GetSystemDirectoryW
MultiByteToWideChar
CreateFileA
GetEnvironmentStrings
CreateProcessA
FreeEnvironmentStringsA
GetExitCodeProcess
LoadLibraryW
Sleep
Thread32Next
Thread32First
GetModuleHandleA
LoadLibraryA
VirtualProtectEx
OpenThread
HeapFree
VirtualAlloc
lstrlenA
CreateFileW
CreateToolhelp32Snapshot
HeapAlloc
GetFileSize
GetProcessHeap
GetModuleFileNameA
GetModuleFileNameW
SetFilePointer
lstrcmpA
VirtualProtect
VirtualFree
Wow64DisableWow64FsRedirection
ExpandEnvironmentStringsW
Wow64RevertWow64FsRedirection
GetWindowsDirectoryW
GetCurrentDirectoryW
GlobalMemoryStatusEx
GetTickCount
GetFileAttributesW
GetStdHandle
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
WaitForSingleObject
GetCurrentProcessId
CopyFileA
lstrcatA
GetTempFileNameW
CopyFileW
DeleteFileW
FindClose
GetTempPathW
FindNextFileW
FindFirstFileW
ReadConsoleW
HeapSize
SetEndOfFile
GetCommandLineA
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
GetOEMCP
IsValidCodePage
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
ExitProcess
GetACP
GetModuleHandleExW
ExitThread
RtlUnwindEx
HeapReAlloc
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
InitializeSListHead
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
RtlPcToFileHeader
EncodePointer
DecodePointer
RaiseException
QueryPerformanceCounter
QueryPerformanceFrequency
TryEnterCriticalSection
GetSystemTimeAsFileTime

user32

FindWindowW
GetCursorPos

advapi32

RegQueryValueExW
GetUserNameW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
EnumServicesStatusExW
OpenSCManagerW
LookupPrivilegeValueW
CloseServiceHandle

shell32

SHGetKnownFolderPath
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoTaskMemFree
CoSetProxyBlanket

oleaut32

SafeArrayGetUBound
VariantClear
SysAllocString
SysFreeString
VariantInit
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayGetLBound

mpr

WNetGetProviderNameW

iphlpapi

GetAdaptersInfo

wtsapi32

WTSEnumerateProcessesA
WTSFreeMemory

ws2_32

WSAStartup
connect
getsockopt
getaddrinfo
WSASocketW
WSARecv
WSAGetLastError
WSASetLastError
shutdown
setsockopt
ioctlsocket
freeaddrinfo
WSACleanup
closesocket
WSASend
select

rpcrt4

RpcServerListen
RpcMgmtStopServerListening
RpcServerUnregisterIf
RpcBindingFree
NdrServerCall2
RpcServerUseProtseqEpA
RpcServerRegisterIfEx

Exports

Exports

dataCheck
setPath

Sections

.text
Size: 880KB - Virtual size: 878KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

2fe2e7082a95cdfb4a2c89d515c31d6e

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

secur32

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

mpr

iphlpapi

wtsapi32

ws2_32

rpcrt4

Exports

Exports

Sections

.text Size: 880KB - Virtual size: 878KB

.rdata Size: 344KB - Virtual size: 343KB

.data Size: 112KB - Virtual size: 111KB

.pdata Size: 48KB - Virtual size: 46KB

.gfids Size: 8KB - Virtual size: 4KB

.tls Size: 8KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 880KB - Virtual size: 878KB

.rdata
Size: 344KB - Virtual size: 343KB

.data
Size: 112KB - Virtual size: 111KB

.pdata
Size: 48KB - Virtual size: 46KB

.gfids
Size: 8KB - Virtual size: 4KB

.tls
Size: 8KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 7KB