Analysis

  • max time kernel
    144s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • submitted
    16/10/2024, 11:01 UTC

General

  • Target

    41e0c02901f4ad04874574d3020eecc8b9d74c14840db1b10c18484de4713105.dll

  • Size

    2.7MB

  • MD5

    a907ba8832cb5814651c66643edff9cf

  • SHA1

    5a1c30cdcb989385f9252c745c40e0e05ea2c6fd

  • SHA256

    41e0c02901f4ad04874574d3020eecc8b9d74c14840db1b10c18484de4713105

  • SHA512

    b7f3f63d765fe0ee8b29f09d9640115b2bdf7d90bae4dd1fc7ac02c03711ff57d854ca5a95719e49ee1b3f9df7e1763a893c522947b9e206a3e18b024a6625ab

  • SSDEEP

    49152:q+RZDJ+z4/s2JdjcRZDIygMTy6unYr7lxXr9ITJaMabZHPQhvYrrcJa:qUMEEMjqDHg/6uY9ITJaMOH4hvYrA

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

lnk001

Attributes
  • dga

  • dga_seed

    1016365528594956469

  • domain_length

    11

  • num_dga_domains

    100

  • port

    443

  • rc4.plain

    1
    NEW_BLACK

Signatures

Processes

  • C:\Windows\system32\regsvr32.exe (PID 1620)
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\41e0c02901f4ad04874574d3020eecc8b9d74c14840db1b10c18484de4713105.dll

    Network

    DNS lookups by regsvr32.exe, all sent to 8.8.8.8:53 (US). Every lookup is a single A-record query of 62 B answered with 78 B (one packet each way), except du19ek78tjw.life, which was queried twice (124 B, 2 packets) and received a 62 B reply with no A-record answer recorded.

    Domain            | Answer (A)
    ------------------+----------------
    tvx1ovdepj8.life  | 188.40.187.138
    acgr6r8zdot.life  | 188.40.187.138
    ilofx941igp.life  | 188.40.187.138
    8x2apo5m7ri.life  | 188.40.187.138
    x9yrzer0ndt.life  | 188.40.187.138
    93j4v4jopzd.life  | 188.40.187.138
    ameagxzo2f7.life  | 185.26.238.223
    nyy41uibsv5.life  | 188.40.187.138
    ru4jvijdytq.life  | 188.40.187.138
    l9t6r0y6cvi.life  | 188.40.187.138
    f4vb9n3tdvh.life  | 188.40.187.138
    9do3mcejztt.life  | 188.40.187.138
    pxu1ajsdhqr.life  | 188.40.187.138
    7exy2b231n2.life  | 188.40.187.138
    vu5b47m18jn.life  | 188.40.187.138
    6mnudp7zj73.life  | 188.40.187.138
    p5047yjrb8q.life  | 188.40.187.138
    d0xtxp89bb9.life  | 188.40.187.138
    ygo9u1fkwux.life  | 37.27.203.12
    fig3gj0v6qe.life  | 188.40.187.138
    38f5wvwwn7o.life  | 185.93.221.123
    txgogs9p8a1.life  | 188.40.187.138
    uyn0icgx1kv.life  | 38.180.144.181
    2z1ls31az7s.life  | 188.166.15.250
    0cc2z8zrnhf.life  | 95.156.207.204
    fsr2hskx44p.life  | 185.81.114.195
    du19ek78tjw.life  | (no answer; queried twice)
    234ct3lkozp.life  | 188.40.187.138
    he8fq4k8d3w.life  | 188.40.187.138
    7ewh8ltr7il.life  | 188.40.187.138
    dw34kmgfl7t.life  | 188.40.187.138
    f2j20ayqh8y.life  | 188.40.187.138
    331k2rdkmmb.life  | 188.40.187.138

    TCP connections from regsvr32.exe (protocol and counters as recorded; "-" means the report shows no value):

    Remote address      | Domain            | Proto | Sent  | Received | Pkts sent | Pkts recv
    --------------------+-------------------+-------+-------+----------+-----------+----------
    188.40.187.138:443  | x9yrzer0ndt.life  | https | 484 B | 212 B    | 7         | 5
    188.40.187.138:443  | 93j4v4jopzd.life  | https | 438 B | 212 B    | 6         | 5
    185.26.238.223:443  | ameagxzo2f7.life  | -     | 152 B | 120 B    | 3         | 3
    188.40.187.138:443  | nyy41uibsv5.life  | https | 484 B | 212 B    | 7         | 5
    188.40.187.138:443  | ru4jvijdytq.life  | https | 484 B | 212 B    | 7         | 5
    188.40.187.138:443  | f4vb9n3tdvh.life  | https | 530 B | 252 B    | 8         | 6
    188.40.187.138:443  | 7exy2b231n2.life  | https | 484 B | 212 B    | 7         | 5
    188.40.187.138:443  | p5047yjrb8q.life  | https | 484 B | 212 B    | 7         | 5
    188.40.187.138:443  | fig3gj0v6qe.life  | https | 484 B | 212 B    | 7         | 5
    38.180.144.181:443  | uyn0icgx1kv.life  | -     | 152 B | -        | 3         | -
    185.81.114.195:443  | fsr2hskx44p.life  | -     | 152 B | 120 B    | 3         | 3
    188.40.187.138:443  | 7ewh8ltr7il.life  | https | 484 B | 212 B    | 7         | 5
    188.40.187.138:443  | 331k2rdkmmb.life  | https | 438 B | 172 B    | 6         | 4

    MITRE ATT&CK Matrix


    Downloads

    • memory/1620-0-0x0000000002100000-0x0000000002319000-memory.dmp

      Filesize

      2.1MB

    • memory/1620-2-0x0000000001ED0000-0x00000000020FA000-memory.dmp

      Filesize

      2.2MB

    • memory/1620-6-0x0000000076DF0000-0x0000000076F99000-memory.dmp

      Filesize

      1.7MB

    • memory/1620-4-0x0000000076E41000-0x0000000076E42000-memory.dmp

      Filesize

      4KB

    • memory/1620-9-0x0000000076DF0000-0x0000000076F99000-memory.dmp

      Filesize

      1.7MB

    • memory/1620-8-0x0000000076DF0000-0x0000000076F99000-memory.dmp

      Filesize

      1.7MB

    • memory/1620-7-0x0000000076DF0000-0x0000000076F99000-memory.dmp

      Filesize

      1.7MB

    • memory/1620-5-0x0000000002100000-0x0000000002319000-memory.dmp

      Filesize

      2.1MB

    • memory/1620-3-0x0000000002100000-0x0000000002319000-memory.dmp

      Filesize

      2.1MB

    • memory/1620-10-0x0000000002100000-0x0000000002319000-memory.dmp

      Filesize

      2.1MB

    • memory/1620-11-0x0000000001ED0000-0x00000000020FA000-memory.dmp

      Filesize

      2.2MB

    • memory/1620-12-0x0000000076DF0000-0x0000000076F99000-memory.dmp

      Filesize

      1.7MB
