Overview

overview

10

Static

static

1

2024-11-20...uk.exe

windows7-x64

10

2024-11-20...uk.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-11-2024 03:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-11-20_5d32ada4f02216187028e891ed511b8b_hijackloader_ryuk.exe

  • Size

    1.4MB

  • MD5

    5d32ada4f02216187028e891ed511b8b

  • SHA1

    bf1c5312c969d8277688fc31c3a3f3387ac382d0

  • SHA256

    f2f3b1f5c2d2e21e173d9b36f5c52c8a3f6c4eec2d428dbf3c5aa83b90cb9b69

  • SHA512

    70670982bbbab90b7a0f86c91824accaee83cc24a5db7aa5795ef3061b47624a468d291f4d3c3aefc6fc8ccd3e73eb8e21696806f51bca2a51756ca9aed6e8f2

  • SSDEEP

    24576:3AltU2PTQ/70pdzyTp4BR78M3T+sV1W4qk9i+pZKhG:qU/+yTp4D73sszf

Score
10/10
bumblebee21macaloader

Malware Config

Extracted

Family

bumblebee

Botnet

21maca

C2

108.62.141.20:443

104.168.140.145:443

51.68.145.171:443

108.62.118.170:443

192.119.72.133:443

23.108.57.201:443
rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a loader malware written in C++.

    loaderbumblebee
  • Bumblebee family
    bumblebee
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-20_5d32ada4f02216187028e891ed511b8b_hijackloader_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-20_5d32ada4f02216187028e891ed511b8b_hijackloader_ryuk.exe"
    1⤵
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:2204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2204-0-0x0000020EC1E70000-0x0000020EC1EFB000-memory.dmp

    Filesize

    556KB

    Download

  • memory/2204-1-0x00007FFB67C2D000-0x00007FFB67C2E000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-2-0x0000020EC2070000-0x0000020EC21D1000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2204-3-0x00007FFB67B90000-0x00007FFB67D85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2204-4-0x00007FFB67B90000-0x00007FFB67D85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2204-5-0x00007FFB67B90000-0x00007FFB67D85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2204-6-0x00007FFB67B90000-0x00007FFB67D85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2204-8-0x00007FFB67B90000-0x00007FFB67D85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2204-7-0x00007FFB67B90000-0x00007FFB67D85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2204-9-0x0000020EC2070000-0x0000020EC21D1000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2204-10-0x0000020EC2070000-0x0000020EC21D1000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2204-11-0x0000020EC1E70000-0x0000020EC1EFB000-memory.dmp

    Filesize

    556KB

    Download

  • memory/2204-12-0x00007FFB67C2D000-0x00007FFB67C2E000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-13-0x00007FFB67B90000-0x00007FFB67D85000-memory.dmp

    Filesize

    2.0MB

    Download