bumblebee | 2468-172-0x000001C863160000-0x000001C8632C1000-memory[.]dmp

General

Target

2468-172-0x000001C863160000-0x000001C8632C1000-memory.dmp
Size

1.4MB
MD5

a18f9172c01917955d5688b6cca2f328
SHA1

307bbe74a020ec42b0b73f0da4d89b51f019088a
SHA256

5006c2fce678dbeb745cef6f10b675c4c8d1c60f2b32b8a3760a7a8656347515
SHA512

49e7a131d81f442c6c38a00137f7c85341b289ae1ad2967c34a30f281618de8c3ec883ea6cb85107d90e9605b86f1ca6108c96bd8eabe4b3dfe7034d8d38bd63
SSDEEP

24576:LO2dVaRrhSk8Bhwm2z8f6ZzoIo9Zx/f9FwwxlXwgHslYxbi:wrEk8wm2Yf6Zdo9Zx/nrxRylE+

Score

10^/10

inst bumblebee

Malware Config

Extracted

Family

bumblebee

Botnet

inst

C2

194.15.216.247:443

23.106.215.141:443

104.168.244.96:443

51.83.255.85:443

192.119.81.86:443

rc4.plain

Signatures

Bumblebee family
bumblebee

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2468-172-0x000001C863160000-0x000001C8632C1000-memory.dmp

Files

2468-172-0x000001C863160000-0x000001C8632C1000-memory.dmp
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 879KB - Virtual size: 878KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 879KB - Virtual size: 878KB

.rdata Size: 344KB - Virtual size: 343KB

.data Size: 83KB - Virtual size: 111KB

.pdata Size: 46KB - Virtual size: 46KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 5KB - Virtual size: 5KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 879KB - Virtual size: 878KB

.rdata
Size: 344KB - Virtual size: 343KB

.data
Size: 83KB - Virtual size: 111KB

.pdata
Size: 46KB - Virtual size: 46KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 5KB - Virtual size: 5KB

.reloc
Size: 7KB - Virtual size: 7KB