Overview

overview

10

Static

static

3

f5cbfffa43...71.dll

windows7-x64

10

f5cbfffa43...71.dll

windows10-2004-x64

10

Resubmissions

19-05-2023 17:41

230519-v9swwsfa67 10

19-05-2023 17:27

230519-v1pg4shg3z 3

Analysis

  • max time kernel
    150s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-05-2023 17:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f5cbfffa43e8280cd9b68bea2c612adb5aa47fe802d28db48dfd1d9291f4ad71.dll

  • Size

    1.2MB

  • MD5

    7fd8bdc919af08976d6d7eb800015ade

  • SHA1

    3ab4d86f12c9efad4f5e17cd0163724e8b77e8aa

  • SHA256

    f5cbfffa43e8280cd9b68bea2c612adb5aa47fe802d28db48dfd1d9291f4ad71

  • SHA512

    c17af8f706dba273e91046961f8a4855ab49603f8dec9360074c0a4bb0a429f3c24821f0665cb80a6d194f5e8a45a3c5dad890d9fa5c7c8571ea0af1296977f2

  • SSDEEP

    24576:5XK6ZFu5DoLYiLgBoAFvEAvxm4i0uuxhJV8e11g:RS4/AFGe4

Score
10/10
bumblebeemc1905trojan

Malware Config

Extracted

Family

bumblebee

Botnet

mc1905

C2

92.119.178.40:443

32.54.188.44:443

194.135.33.160:443

192.198.82.59:443

103.175.16.151:443
rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee
  • Blocklisted process makes network request 8 IoCs
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f5cbfffa43e8280cd9b68bea2c612adb5aa47fe802d28db48dfd1d9291f4ad71.dll,eOXScagadNKe
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:3684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3684-133-0x0000018CE6180000-0x0000018CE62E1000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/3684-134-0x0000018CE6180000-0x0000018CE62E1000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/3684-135-0x0000018CE6180000-0x0000018CE62E1000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/3684-136-0x0000018CE5E60000-0x0000018CE5EDF000-memory.dmp

    Filesize

    508KB

    Download