Malware Analysis Report

2024-10-19 01:06

Sample ID 230531-ycf3lsaf68
Target Contract_02_21_Copy#32.exe
SHA256 897e53b648020ab28663240bbbce54546cf6f55b35019fd4aa2a209c4a3b1832
Tags
bumblebee 21maca trojan
score
10/10

Analysis Overview

score
10/10

SHA256

897e53b648020ab28663240bbbce54546cf6f55b35019fd4aa2a209c4a3b1832

Threat Level: Known bad

The file Contract_02_21_Copy#32.exe was found to be: Known bad.

Malicious Activity Summary

bumblebee 21maca trojan

BumbleBee

Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-05-31 19:38

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-05-31 19:38

Reported

2023-05-31 19:39

Platform

win10-20230220-en

Max time kernel

75s

Max time network

80s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Contract_02_21_Copy#32.exe"

Signatures

BumbleBee

trojan bumblebee

Suspicious use of NtCreateThreadExHideFromDebugger

Description   Indicator   Process                                                        Target
N/A           N/A         C:\Users\Admin\AppData\Local\Temp\Contract_02_21_Copy#32.exe   N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Contract_02_21_Copy#32.exe

"C:\Users\Admin\AppData\Local\Temp\Contract_02_21_Copy#32.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network

Country   Destination            Domain                      Proto
US        40.193.27.226:315      -                           tcp
ZA        197.170.198.152:234    -                           tcp
NL        52.178.17.3:443        -                           tcp
NL        8.238.21.126:80        -                           tcp
AU        163.223.67.191:321     -                           tcp
US        8.8.8.8:53             1.77.109.52.in-addr.arpa    udp
US        73.237.181.95:225      -                           tcp

Files

memory/4112-117-0x00000221ECC80000-0x00000221ECDE1000-memory.dmp

memory/4112-118-0x00000221ECC80000-0x00000221ECDE1000-memory.dmp

memory/4112-119-0x00000221ECC80000-0x00000221ECDE1000-memory.dmp

memory/4112-120-0x00000221ECA90000-0x00000221ECB1B000-memory.dmp