bumblebee | e714557aa665651045795c747d9b0faec60863c27edd579c7d6ed75bb33b94f1

Resubmissions

23-02-2024 09:54

240223-lw8whsfa37 10

18-01-2024 17:02

240118-vj468sedd7 10

17-01-2024 08:56

240117-kv7fmacagr 10

13-09-2023 20:10

230913-yx26ksef8w 10

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23-02-2024 09:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

name.dll
Size

1.1MB
MD5

ff519023357a9cc5bb731d798de2f6b6
SHA1

c14545a2d261647012a825e77af3a52fbc2cbc4d
SHA256

e714557aa665651045795c747d9b0faec60863c27edd579c7d6ed75bb33b94f1
SHA512

daddc936416b6ff42bdc47ea50b9b7e0acdaa202f46f75e8a14422c5254eb9a23918bd42ea6131503692045cbedf66373429c9c3cd07286c649f2a04801df1c0
SSDEEP

24576:Zf4/h/FsE6r+XMKFo6hFWHWhw7a9LfMtJ3JCI:J4/hNsEiKK

Score

10^/10

bumblebee js1 loader

Malware Config

Extracted

Family

bumblebee

Botnet

js1

Attributes

dga
v5b6ml4o0nq.life

d4mdwvwm8c8.life

6uwsby1vmyj.life

mp0zt8ctj70.life

tkqeai6tead.life

2xek4jch3xf.life

ugwfyzhao98.life

auq2lckl2e0.life

1odrw6y2sad.life

hk5ekbl02o8.life

knqbckw92x9.life

nnjg4uf5vij.life

nk4xgtjnvs9.life

7xbapl162fg.life

8djp3zmzbif.life

nojzch0pgfo.life

b9dsvlk8f23.life

v3jmvczsden.life

8vpndr56eb1.life

5gbcnik1ba0.life

k6r11hdxxm2.life

wc87pfwqvbx.life

3b73akpd5ip.life

5o5f0or1704.life

ve0tcgv0oks.life

tsd7d3pynml.life

kfjgd8tquo8.life

ff7xb5l0zl5.life

27qrg2npbhu.life

fvawc0jtdkp.life

r5y7fqonya3.life

h9xx3c9il3j.life

j59t9n7hwkm.life

y5cfe6fd3l0.life

ued006o9h01.life

84q99ojz486.life

ip8tqezj7sp.life

y9i4ggczg4e.life

th6qcdkwsnr.life

3xzwth5vntd.life

62gp702iaqu.life

8a3b03ta8rk.life

0tia8g2yvvo.life

su0r8brxdhr.life

mokbztieb27.life

rhxlfskpohc.life

kb7yse43wqy.life

2c0eufveflh.life

619c8rypv20.life

i62qt3jb6zg.life

jfcrw26vapn.life

w8njdj0attm.life

s6vxyh1rklr.life

eky3lk2xil7.life

5nd1oo31eib.life

93bu7npzbv9.life

1whoxcdymhh.life

1xc2t7knxf1.life

84lv2sczasy.life

y6qbgmgfi6m.life

rib8fo3a0e7.life

3rk610zv895.life

8uds1vn7tbd.life

fu7xdccni45.life

dfipyxrnbtc.life

hdgt9j1i8de.life

ysjlq5njlj0.life

l2gxkix6xvr.life

rff8m0h038m.life

odno88uwkuj.life

4e6b5z4l2wd.life

5vpw0f8capy.life

ojwsv8d4wf5.life

eswtlyhooo9.life

yvhvp5ctxtt.life

xdg4p0mcsgd.life

uoi7m690jyc.life

tepg88xv934.life

skfvrgarsyg.life

fdlbpjwv98r.life

vzg4oh5v2kg.life

lx1jum82n75.life

hffl7o7dhb3.life

gcod08x85o9.life

2xbr53fjxlg.life

ld44s7ji3qm.life

y4f82edr2ao.life

xrs1tzzp471.life

80a59gx821r.life

pzzcs6hez6q.life

w7eeb80zx7n.life

jdjme813v37.life

egqguct7n8n.life

uhfs0f1t6i7.life

6leaj1p164t.life

bxmizfnywgz.life

vopc320hvye.life

fxcg75yxz5z.life

e0rhjl9so13.life

4fl2jd837q5.life
dga_seed
OKFsgukk
domain_length
11
num_dga_domains
100
port
443

rc4.plain

Signatures

BumbleBee
BumbleBee is a loader malware written in C++.
loader bumblebee

Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

pid	Process
3648	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\name.dll
1⤵
- Suspicious use of NtCreateThreadExHideFromDebugger
PID:3648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3648-0-0x0000000001FD0000-0x0000000002049000-memory.dmp

Filesize
484KB

Download
memory/3648-2-0x00007FFF48170000-0x00007FFF48365000-memory.dmp

Filesize
2.0MB

Download
memory/3648-1-0x0000000002170000-0x000000000227A000-memory.dmp

Filesize
1.0MB

Download
memory/3648-4-0x00007FFF48170000-0x00007FFF48365000-memory.dmp

Filesize
2.0MB

Download
memory/3648-5-0x0000000002170000-0x000000000227A000-memory.dmp

Filesize
1.0MB

Download
memory/3648-6-0x00007FFF48170000-0x00007FFF48365000-memory.dmp

Filesize
2.0MB

Download
memory/3648-3-0x0000000002170000-0x000000000227A000-memory.dmp

Filesize
1.0MB

Download
memory/3648-7-0x0000000002170000-0x000000000227A000-memory.dmp

Filesize
1.0MB

Download
memory/3648-8-0x00007FFF48170000-0x00007FFF48365000-memory.dmp

Filesize
2.0MB

Download
memory/3648-9-0x0000000001FD0000-0x0000000002049000-memory.dmp

Filesize
484KB

Download
memory/3648-10-0x00007FFF48170000-0x00007FFF48365000-memory.dmp

Filesize
2.0MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads