Overview

overview

10

Static

static

3

66535813e5...f5.exe

windows7-x64

10

66535813e5...f5.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230831-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-09-2023 01:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    66535813e58e078c4a56c502b6536725080aef5f17abf62f57348a574caccaf5.exe

  • Size

    594KB

  • MD5

    b397d94493a37c789647bc3d17fa6920

  • SHA1

    bd7dabb5c87e9e80160f6da942bfd26849e8494a

  • SHA256

    66535813e58e078c4a56c502b6536725080aef5f17abf62f57348a574caccaf5

  • SHA512

    67428108465513a9d2b0f62c18a78e20e2b0204beeedd95a948b8587d8bc4d61371158197754fd61fdffb0648f54a9e884fd4f7a4e0629f30654da8ba0ed11b3

  • SSDEEP

    12288:zGOWNipODV+gjelTCvc8AtzkvkBFJaC/p5lakvyKmUlZ2j:zGOZYVFjelWkBwv6bp1vcUe

Score
10/10
bumblebeelnk1trojan

Malware Config

Extracted

Family

bumblebee

Botnet

lnk1

rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee
  • Drops file in System32 directory 3 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\66535813e58e078c4a56c502b6536725080aef5f17abf62f57348a574caccaf5.exe
    "C:\Users\Admin\AppData\Local\Temp\66535813e58e078c4a56c502b6536725080aef5f17abf62f57348a574caccaf5.exe"
    1⤵
      PID:3012
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k netsvcs -p
      1⤵
      • Drops file in System32 directory
      • Checks processor information in registry
      • Enumerates system info in registry
      PID:4936

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\wsuA170.tmp
      Filesize

      14KB

      MD5

      c01eaa0bdcd7c30a42bbb35a9acbf574

      SHA1

      0aee3e1b873e41d040f1991819d0027b6cc68f54

      SHA256

      32297224427103aa1834dba276bf5d49cd5dd6bda0291422e47ad0d0706c6d40

      SHA512

      d26ff775ad39425933cd3df92209faa53ec5b701e65bfbcccc64ce8dd3e79f619a9bad7cc975a98a95f2006ae89e50551877fc315a3050e48d5ab89e0802e2b7

      Download Submit

    • memory/3012-0-0x000001E86AA50000-0x000001E86AABD000-memory.dmp

      Filesize

      436KB

      Download

    • memory/3012-1-0x000001E86AD20000-0x000001E86AE27000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/3012-2-0x000001E86AD20000-0x000001E86AE27000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/3012-4-0x000001E86AD20000-0x000001E86AE27000-memory.dmp

      Filesize

      1.0MB

      Download