Overview

overview

10

Static

static

3

15b7cb2818...f7.dll

windows7-x64

10

15b7cb2818...f7.dll

windows10-2004-x64

10

Resubmissions

27-10-2023 12:27

231027-pmsdysfh62 10

16-10-2023 02:37

231016-c4mhtadd45 10

Analysis

  • max time kernel
    142s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-10-2023 12:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    15b7cb2818530bbf0b55ea608d85df1bd97004a8556a358c11f84dbb93b893f7.dll

  • Size

    894KB

  • MD5

    a4e4f8966796845079ca6b853fd1899d

  • SHA1

    25906943d58610a2208c9312c555dee7eb16952e

  • SHA256

    15b7cb2818530bbf0b55ea608d85df1bd97004a8556a358c11f84dbb93b893f7

  • SHA512

    22df60f5d457cca829aa86f708d6df492aa8acf794dbaed5bfac06b3f6fcbd7a331139c92465a9e5ec57232b76102b26ba593e527266709fd225ca15a3c3045a

  • SSDEEP

    12288:1hPALJCb+JI7GB5ShQUO3wY6Wpg8qvtN2FCOWPZzMe0n28qX2Y5aIv/86PaeAkYT:1hum+JI/jO3z6WStlFq4Gd66PybS

Score
10/10
bumblebeelg1010loader

Malware Config

Extracted

Family

bumblebee

Botnet

lg1010

Attributes
  • dga

    g7qf7ew5c.life

    ibgrlnu1e.life

    x5fnzbct1.life

    1i2vp7bte.life

    dflucrsh8.life

    0f8ql4hr8.life

    f9ftn74zw.life

    nwm76e7b5.life

    3hjqyzaex.life

    v43qhl0mc.life

    6aepjxcgi.life

    4tbwu08rg.life

    nzz3urf67.life

    9xspr6w4a.life

    oikdiug9o.life

    vajo99879.life

    5v7x1sqr4.life

    57gqsekdz.life

    5v5gciivx.life

    33a1wkm3h.life

    vt6xqpldf.life

    t9lqm51rl.life

    p75sz88kk.life

    wz9ar8gpv.life

    fdx4ra84n.life

    nx37k4a6z.life

    m8mczdgxv.life

    wj7y0l4d9.life

    hit0fdgit.life

    82c6g5meu.life

  • dga_seed

    l0210lsk

  • domain_length

    9

  • num_dga_domains

    100

  • port

    443

rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a loader malware written in C++.

    loaderbumblebee
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\15b7cb2818530bbf0b55ea608d85df1bd97004a8556a358c11f84dbb93b893f7.dll
    1⤵
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:4692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4692-0-0x0000000002B70000-0x0000000002BDF000-memory.dmp

    Filesize

    444KB

    Download

  • memory/4692-1-0x0000000002D00000-0x0000000002E0A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4692-2-0x00007FFBBA090000-0x00007FFBBA285000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4692-4-0x0000000002D00000-0x0000000002E0A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4692-6-0x0000000002D00000-0x0000000002E0A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4692-5-0x00007FFBBA090000-0x00007FFBBA285000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4692-3-0x00007FFBBA090000-0x00007FFBBA285000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4692-7-0x0000000002D00000-0x0000000002E0A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4692-8-0x00007FFBBA090000-0x00007FFBBA285000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4692-9-0x0000000002B70000-0x0000000002BDF000-memory.dmp

    Filesize

    444KB

    Download