Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system -
submitted
14-10-2023 01:40
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
452bb497728f1eb2ccd56b83f7a13e51447bd79852085e68908cb6c47625060b.dll
Resource
win7-20230831-en
windows7-x64
2 signatures
150 seconds
General
-
Target
452bb497728f1eb2ccd56b83f7a13e51447bd79852085e68908cb6c47625060b.dll
-
Size
1.1MB
-
MD5
7d2156efddf126dfb4c466da06f15e11
-
SHA1
cf90131f73f72b7f32bccca438283a04a1001dbe
-
SHA256
452bb497728f1eb2ccd56b83f7a13e51447bd79852085e68908cb6c47625060b
-
SHA512
83496c49175e85e627ff320ec954f1e393d1473e17bf098f3dfbb98c09b18da6c1d4258bdcfcecc382a8da91424ff63ad882deb8a9572fecb6c667b131d74fe4
-
SSDEEP
24576:drD2uxNbJd3BU7XFLH9io8hAGOAHxLrQ+P3U:ZDBxNvR
Malware Config
Extracted
Family
bumblebee
Botnet
js1
rc4.plain
1
NEW_BLACK
Signatures
Processes
Network
-
Remote address:8.8.8.8:53Request138.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request108.211.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request9.228.82.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request126.24.238.8.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request208.194.73.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request26.35.223.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request29.81.57.23.in-addr.arpaIN PTRResponse29.81.57.23.in-addr.arpaIN PTRa23-57-81-29deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Requestv5b6ml4o0nq.lifeIN AResponsev5b6ml4o0nq.lifeIN A35.241.18.84
-
Remote address:8.8.8.8:53Request84.18.241.35.in-addr.arpaIN PTRResponse84.18.241.35.in-addr.arpaIN PTR841824135bcgoogleusercontentcom
-
Remote address:8.8.8.8:53Request103.169.127.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request15.164.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301221_1QT8MWO6B4ZOSDG6D&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301221_1QT8MWO6B4ZOSDG6D&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 621457
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 652604A61C7741CC8A72BFFD4B730913 Ref B: DUS30EDGE0916 Ref C: 2023-10-14T14:28:13Z
date: Sat, 14 Oct 2023 14:28:12 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301002_1MO3TX35MNM0PMQ0Y&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301002_1MO3TX35MNM0PMQ0Y&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 312137
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 87FC2311ED5A4BE295ED6F59B77DF4C4 Ref B: DUS30EDGE0916 Ref C: 2023-10-14T14:28:13Z
date: Sat, 14 Oct 2023 14:28:12 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301630_1PAJCY0ULCQZ3ZJR7&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301630_1PAJCY0ULCQZ3ZJR7&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 263902
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4B89B21D75C44AB9B309D1CDF37CED32 Ref B: DUS30EDGE0916 Ref C: 2023-10-14T14:28:13Z
date: Sat, 14 Oct 2023 14:28:12 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301435_1REX6VFBJBZOLLSTT&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301435_1REX6VFBJBZOLLSTT&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 529021
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E7BC893961DE4C76BECED660F45094BB Ref B: DUS30EDGE0916 Ref C: 2023-10-14T14:28:13Z
date: Sat, 14 Oct 2023 14:28:13 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301042_1MAX6G538S7UXPEO9&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301042_1MAX6G538S7UXPEO9&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 76071
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 99A1A6E2E9EB4134BF98FB86033A0BAC Ref B: DUS30EDGE0916 Ref C: 2023-10-14T14:28:13Z
date: Sat, 14 Oct 2023 14:28:13 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301475_1TMICQ2AO32NACDU0&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301475_1TMICQ2AO32NACDU0&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 83160
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 47AB7398107448F999E82231658CE9F5 Ref B: DUS30EDGE0916 Ref C: 2023-10-14T14:28:15Z
date: Sat, 14 Oct 2023 14:28:14 GMT
-
Remote address:8.8.8.8:53Requestv5b6ml4o0nq.lifeIN AResponsev5b6ml4o0nq.lifeIN A35.241.18.84
-
Remote address:8.8.8.8:53Request226.162.46.104.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestv5b6ml4o0nq.lifeIN AResponsev5b6ml4o0nq.lifeIN A35.241.18.84
-
360 B 299 B 5 7
-
406 B 339 B 6 8
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239317301475_1TMICQ2AO32NACDU0&pid=21.2&w=1080&h=1920&c=4tls, http274.8kB 2.0MB 1427 1423
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301221_1QT8MWO6B4ZOSDG6D&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301002_1MO3TX35MNM0PMQ0Y&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301630_1PAJCY0ULCQZ3ZJR7&pid=21.2&w=1080&h=1920&c=4HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301435_1REX6VFBJBZOLLSTT&pid=21.2&w=1080&h=1920&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301042_1MAX6G538S7UXPEO9&pid=21.2&w=1920&h=1080&c=4HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301475_1TMICQ2AO32NACDU0&pid=21.2&w=1080&h=1920&c=4HTTP Response
200 -
1.2kB 8.3kB 16 14
-
1.2kB 8.3kB 16 14
-
406 B 339 B 6 8
-
360 B 299 B 5 7
-
406 B 339 B 6 8
-
406 B 339 B 6 8
-
72 B 158 B 1 1
DNS Request
138.32.126.40.in-addr.arpa
-
74 B 145 B 1 1
DNS Request
108.211.229.192.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
9.228.82.20.in-addr.arpa
-
71 B 125 B 1 1
DNS Request
126.24.238.8.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
208.194.73.20.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
26.35.223.20.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
29.81.57.23.in-addr.arpa
-
62 B 78 B 1 1
DNS Request
v5b6ml4o0nq.life
DNS Response
35.241.18.84
-
71 B 122 B 1 1
DNS Request
84.18.241.35.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
103.169.127.40.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
15.164.165.52.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
-
62 B 78 B 1 1
DNS Request
v5b6ml4o0nq.life
DNS Response
35.241.18.84
-
73 B 147 B 1 1
DNS Request
226.162.46.104.in-addr.arpa
-
62 B 78 B 1 1
DNS Request
v5b6ml4o0nq.life
DNS Response
35.241.18.84