bumblebee | 07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2

Analysis

max time kernel
144s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2023, 10:47 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2_JC.exe
Size

597KB
MD5

95138e2d1e51d45f653eef0823ad3c89
SHA1

a28285ea359d00e3d6769481e5db882807cd7796
SHA256

07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2
SHA512

3c132f6717da4518fb08dc5aa73721b211051822172f50721de77acd2b8663fe39e8f6f77a39614757873a318972c24ad679d67ab44dd07ecaf2a077c94eacfe
SSDEEP

12288:DSHXS6dIkIYpPVpPE9NSn8V+Nu8Hx60PinBYqT:DS3Ik7P808QrU0PCe6

Score

10^/10

bumblebee lnk1 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

lnk1

rc4.plain

1
NEW_BLACK

Signatures

BumbleBee
BumbleBee is a webshell malware written in C++.
trojan bumblebee

C:\Users\Admin\AppData\Local\Temp\07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2_JC.exe
"C:\Users\Admin\AppData\Local\Temp\07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2_JC.exe"
1⤵
PID:3816

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR

Response
DNS

0.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.159.190.20.in-addr.arpa

IN PTR

Response
DNS

1.202.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.202.248.87.in-addr.arpa

IN PTR

Response

1.202.248.87.in-addr.arpa

IN PTR

https-87-248-202-1amsllnwnet
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

54.120.234.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

54.120.234.20.in-addr.arpa

IN PTR

Response
DNS

cmid1s1zeiu.life

07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2_JC.exe

Remote address:

8.8.8.8:53

Request

cmid1s1zeiu.life

IN A

Response

cmid1s1zeiu.life

IN A

172.86.68.166
DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR

Response
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

126.178.238.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

126.178.238.8.in-addr.arpa

IN PTR

Response
DNS

itszko2ot5u.life

07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2_JC.exe

Remote address:

8.8.8.8:53

Request

itszko2ot5u.life

IN A

Response

itszko2ot5u.life

IN A

45.61.130.31
DNS

3v1n35i5kwx.life

07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2_JC.exe

Remote address:

8.8.8.8:53

Request

3v1n35i5kwx.life

IN A

Response

3v1n35i5kwx.life

IN A

172.86.123.215
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
DNS

newdnq1xnl9.life

07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2_JC.exe

Remote address:

8.8.8.8:53

Request

newdnq1xnl9.life

IN A

Response

newdnq1xnl9.life

IN A

88.198.203.50
DNS

50.203.198.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.203.198.88.in-addr.arpa

IN PTR

Response

50.203.198.88.in-addr.arpa

IN PTR

static 88-198-203-50clientsyour-serverde
DNS

4.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.173.189.20.in-addr.arpa

IN PTR

Response

172.86.68.166:443

cmid1s1zeiu.life

07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2_JC.exe

260 B
5
45.61.130.31:443

itszko2ot5u.life

07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2_JC.exe

260 B
5
172.86.123.215:443

3v1n35i5kwx.life

07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2_JC.exe

260 B
5
88.198.203.50:443

newdnq1xnl9.life

https

07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2_JC.exe

1.1kB
906 B
12
14
172.86.68.166:443

cmid1s1zeiu.life

07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2_JC.exe

260 B
5
45.61.130.31:443

itszko2ot5u.life

07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2_JC.exe

156 B
3

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

208.194.73.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

208.194.73.20.in-addr.arpa
8.8.8.8:53

0.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

0.159.190.20.in-addr.arpa
8.8.8.8:53

1.202.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

1.202.248.87.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

54.120.234.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

54.120.234.20.in-addr.arpa
8.8.8.8:53

cmid1s1zeiu.life

dns

07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2_JC.exe

62 B
78 B
1
1

DNS Request

cmid1s1zeiu.life

DNS Response

172.86.68.166
8.8.8.8:53

158.240.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

158.240.127.40.in-addr.arpa
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

126.178.238.8.in-addr.arpa

dns

72 B
126 B
1
1

DNS Request

126.178.238.8.in-addr.arpa
8.8.8.8:53

itszko2ot5u.life

dns

07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2_JC.exe

62 B
78 B
1
1

DNS Request

itszko2ot5u.life

DNS Response

45.61.130.31
8.8.8.8:53

3v1n35i5kwx.life

dns

07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2_JC.exe

62 B
78 B
1
1

DNS Request

3v1n35i5kwx.life

DNS Response

172.86.123.215
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa
8.8.8.8:53

newdnq1xnl9.life

dns

07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2_JC.exe

62 B
78 B
1
1

DNS Request

newdnq1xnl9.life

DNS Response

88.198.203.50
8.8.8.8:53

50.203.198.88.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

50.203.198.88.in-addr.arpa
8.8.8.8:53

4.173.189.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

4.173.189.20.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3816-0-0x000001AD64BF0000-0x000001AD64C5D000-memory.dmp

Filesize
436KB

Download
memory/3816-1-0x000001AD64EE0000-0x000001AD64FE7000-memory.dmp

Filesize
1.0MB

Download
memory/3816-2-0x000001AD64EE0000-0x000001AD64FE7000-memory.dmp

Filesize
1.0MB

Download
memory/3816-3-0x000001AD64EE0000-0x000001AD64FE7000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.