Overview

overview

10

Static

static

8

0cef17ba67...f.docm

windows10-1703-x64

1

c34e5d36bd...9a.dll

windows10-1703-x64

10

Analysis

  • max time kernel
    190s
  • max time network
    198s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-es
  • resource tags

    arch:x64arch:x86image:win10-20240611-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    15-09-2024 23:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c34e5d36bd3a9a6fca92e900ab015aa50bb20d2cd6c0b6e03d070efe09ee689a.dll

  • Size

    2.3MB

  • MD5

    e815078b81bda42fd1d8029f82f63f8c

  • SHA1

    6ddae41b0861ff953d261dabd7d63b7ff1dce7e8

  • SHA256

    c34e5d36bd3a9a6fca92e900ab015aa50bb20d2cd6c0b6e03d070efe09ee689a

  • SHA512

    7330be3ff019303b49afb753b45fedf9b6794a4ea670faa2eeb477dc7168aeadad52e5499bca52eb2c23f8e9a5c021d7c2ddb1c44ce82fcd357cdd257b31f0fb

  • SSDEEP

    24576:+7GSow1W1xmEJj65Ar478M30eNxFrSZJi8nDjXEHAzeozxlXZWXrXExoXOG8UdDP:+PKG7783j/2buc4

Score
10/10
bumblebeedcc3loader

Malware Config

Extracted

Family

bumblebee

Botnet

dcc3

Attributes
  • dga

    kxk0fp99.life

    9b7t2l0q.life

    hyivgigf.life

    ge0gmguu.life

    c0g886v7.life

    z5gt6avq.life

    bhqjgnyg.life

    vtq4vrd1.life

    wmds946t.life

    lawsc41o.life

    8zxvhrw3.life

    6t152qng.life

    8jenv5cj.life

    nnc9xesb.life

    vevijml2.life

    qblg0klz.life

    3botypuk.life

    quw31ted.life

    n9t609lu.life

    mtu5eery.life

    guycev3v.life

    klcmu5e3.life

    hm2psb94.life

    wiof5kps.life

    ink7i9yf.life

    rj3h9lji.life

    n0ohhx48.life

    d5lspsc8.life

    wuxe83rt.life

    rka4u64f.life

  • dga_seed

    3.169630490570045e+18

  • domain_length

    8

  • num_dga_domains

    100

  • port

    443

rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a loader malware written in C++.

    loaderbumblebee
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c34e5d36bd3a9a6fca92e900ab015aa50bb20d2cd6c0b6e03d070efe09ee689a.dll
    1⤵
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:2228
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3624

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2228-0-0x0000000002BC0000-0x0000000002CA7000-memory.dmp

      Filesize

      924KB

      Download

    • memory/2228-7-0x00007FFD9D2E0000-0x00007FFD9D4BB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2228-6-0x0000000002ED0000-0x00000000030E8000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/2228-8-0x00007FFD9D2E0000-0x00007FFD9D4BB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2228-3-0x0000000002ED0000-0x00000000030E8000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/2228-5-0x0000000002ED0000-0x00000000030E8000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/2228-4-0x00007FFD9D2E0000-0x00007FFD9D4BB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2228-2-0x00007FFD9D2E0000-0x00007FFD9D4BB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2228-1-0x00007FFD9D385000-0x00007FFD9D386000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2228-9-0x0000000002BC0000-0x0000000002CA7000-memory.dmp

      Filesize

      924KB

      Download

    • memory/2228-10-0x00007FFD9D2E0000-0x00007FFD9D4BB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2228-11-0x00007FFD9D385000-0x00007FFD9D386000-memory.dmp

      Filesize

      4KB

      Download