bumblebee | b1158ee463a8f5c7f12d4d23b0de2fc3aa3852e3b40a82b170eef8b9b8ab335d

Sharing

Copy URL

Twitter E-mail

General

Target

b1158ee463a8f5c7f12d4d23b0de2fc3aa3852e3b40a82b170eef8b9b8ab335d
Size

2.1MB
MD5

d2d7944ae535d652c5c7aaa816545164
SHA1

39ae1f3b3424fd17eecfbb3d730aa18d9711e33e
SHA256

b1158ee463a8f5c7f12d4d23b0de2fc3aa3852e3b40a82b170eef8b9b8ab335d
SHA512

a598c23b8d6d91b7619d85e17e665bc4b767a4c983d1fd608bbaa27be43b01f38f3ea961fa6d0d327742b899a1899c5289cc6caf6629eba5dd50bf046ae232eb
SSDEEP

49152:dzrSA6JHcSf80R0xygstpXbh2M9Zx/pUeKltwHjUckPoFA:dzkJB80CulvUemyUTP+A

Score

10^/10

1 bumblebee

Malware Config

Extracted

Family

bumblebee

Botnet

Attributes

dga
45urhm0ldgxb.live

gx6xly9rp6vl.live

zv46ga4ntybq.live

7n1hfolmrnbl.live

vivh2xlt9i6q.live

97t3nh4kk510.live

kbkdtwucfl40.live

qk6a1ahb63uz.live

whko7loy7h5z.live

dad1zg44n0bn.live

7xwz4hw8dts9.live

ovekd5n3gklq.live

amwnef8mjo4v.live

e7ivqfhnss0x.live

rjql4nicl6bg.live

4mo318kk29i4.live

zpo18lm8vg1x.live

jc51pt290y0n.live

rg26t2dc4hf4.live

qw9a58vunuja.live

ugm94zjzl5nl.live

mckag832orba.live

pdw0v9voxlxr.live

m4tx2apfmoxo.live

n2uc737ef71m.live

hkk3112645hz.live

ugko9g5ipa4o.live

8wgq2x4dybx9.live

h81fx7sj8srr.live

a4tgoqi1cm8x.live

kse2q7uxyrwp.live

mfwnbxvt9qme.live

x99ahfftf28l.live

9n6bmko47gxe.live

6l96lk6edlyf.live

st5j8zqdrppf.live

dxjeucbj4p0j.live

bnpuxnov7lhr.live

a8bxv8lqe1m0.live

yczi2ujcyyro.live

sbeo0cztn1kh.live

o337yf9fh4bf.live

zoki7ma89z7b.live

x2r9bglz76r7.live

wi1w9yu1vush.live

mtqdvzkai700.live

r6o2sj70m85m.live

ut6qohwra5lm.live

9yi98fh7usy1.live

kkpjp9jzbzba.live

whvffwd7zphw.live

uztmazsno4y5.live

i3iubj73c21c.live

b72o02l2ilc6.live

wom4o4cutfx6.live

fek3qya20lid.live

nhkvd56j82xw.live

midyxlu6b22f.live

vp9c9rziba2a.live

rkffupb7i1gv.live

8u7r35mu2e4g.live

3c2xflq8mztc.live

wswis3sptby1.live

9rib57u1zu3c.live

sv3pldc5gkdl.live

bmdcn5celetq.live

y3mpywhmem7t.live

avwtkc23ffmw.live

nvgirtryox1z.live

3rlfa7w0bz37.live

vy9u47oyzltu.live

ysdwk0l8xass.live

tbt0aqol3sp2.live

xqqoo0a8zk0w.live

nevkq7lku38l.live

5u42wjin0vfz.live

y626kbnryktm.live

5k9b8nmc0x8r.live

i18t3jshekua.live

4hk1bcnxbse0.live

si00bu9fv5he.live

g3in90m5caz2.live

f6s4n6w41oov.live

sgl7og2qswmm.live

vrrbk7ykz8h1.live

zl7bmlfq8n9w.live

qydstwmw2imy.live

y9s73mnvurxr.live

7zggkh833im1.live

cvnsiogvl3kt.live

enf3gev34gis.live

doj6z5i9g803.live

zsm954jr5ek4.live

6z96z4mk84dc.live

e0et68offggh.live

au97foecnlrm.live

3ibjpmls5x46.live

mmmpa1byo300.live

3e60zvd64d8y.live

zt3nnzr70hn0.live
dga_seed
7834006444057268685
domain_length
12
num_dga_domains
300
port
443

rc4.plain

Signatures

Bumblebee family
bumblebee

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1158ee463a8f5c7f12d4d23b0de2fc3aa3852e3b40a82b170eef8b9b8ab335d

Files

b1158ee463a8f5c7f12d4d23b0de2fc3aa3852e3b40a82b170eef8b9b8ab335d
.dll windows:6 windows x64 arch:x64

20830170303c687d6cc762b0023742ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrIW
PathRemoveExtensionW
PathFindFileNameW
PathCombineW
StrCmpIW

kernel32

AreFileApisANSI
ReadFile
SetHandleInformation
SetWaitableTimer
TlsSetValue
CreateNamedPipeA
SetLastError
EnterCriticalSection
WriteFile
TerminateProcess
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
GetCurrentThreadId
GetSystemDirectoryW
PostQueuedCompletionStatus
MultiByteToWideChar
FormatMessageW
GetLastError
CreateFileA
TerminateThread
TlsAlloc
QueueUserAPC
LocalFree
DeleteCriticalSection
VerSetConditionMask
WideCharToMultiByte
GetEnvironmentStrings
SleepEx
VerifyVersionInfoW
TlsGetValue
CreateProcessA
TlsFree
FormatMessageA
CreateIoCompletionPort
FreeEnvironmentStringsA
GetExitCodeProcess
LoadLibraryW
GetProcAddress
GetModuleHandleW
SystemTimeToFileTime
GetCurrentProcess
Thread32Next
Thread32First
GetModuleHandleA
LoadLibraryA
VirtualProtectEx
OpenThread
HeapFree
lstrlenA
CreateFileW
HeapReAlloc
HeapAlloc
GetFileSize
GetProcessHeap
GetModuleFileNameA
GetModuleFileNameW
SetFilePointer
lstrcmpA
UnlockFileEx
LockFileEx
Wow64DisableWow64FsRedirection
ExpandEnvironmentStringsW
DisableThreadLibraryCalls
GetWindowsDirectoryW
GetCurrentDirectoryW
GlobalMemoryStatusEx
GetTickCount
GetFileAttributesW
GetSystemInfo
GetStdHandle
TryEnterCriticalSection
HeapCreate
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
InitializeCriticalSection
GetFullPathNameA
SetEndOfFile
CreateMutexW
GetVersionExW
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
FreeLibrary
GetSystemTimeAsFileTime
GetSystemTime
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
FlushFileBuffers
RaiseException
SetEvent
CreateEventW
GetFileAttributesA
WriteConsoleW
SetStdHandle
QueryPerformanceFrequency
Sleep
OpenProcess
CloseHandle
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
WaitForSingleObject
GetCurrentProcessId
CopyFileA
lstrcatA
DeleteFileW
FindClose
GetTempPathW
DecodePointer
ReadConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
GetOEMCP
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
EncodePointer
Wow64RevertWow64FsRedirection
IsValidCodePage
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleCP
GetFileType
ExitProcess
GetACP
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
RtlUnwindEx
InterlockedFlushSList
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
RtlPcToFileHeader

user32

GetCursorPos
FindWindowW

advapi32

RegOpenKeyExW
CryptReleaseContext
CryptAcquireContextW
CloseServiceHandle
OpenSCManagerW
EnumServicesStatusExW
RegQueryInfoKeyW
RegEnumKeyExW
CryptGenRandom
GetUserNameW
RegQueryValueExW
LookupPrivilegeValueW
RegCloseKey
RegSetValueExW
RegGetValueW
RegCreateKeyW
RegOpenKeyW

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity
CoUninitialize

oleaut32

SafeArrayGetUBound
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
SysFreeString
SysAllocString
VariantClear
VariantInit

mpr

WNetGetProviderNameW

iphlpapi

GetAdaptersInfo

wtsapi32

WTSEnumerateProcessesA
WTSFreeMemory

wininet

InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetOpenA

ws2_32

socket
htons
getsockname
inet_addr
WSACleanup
inet_ntop
connect
WSAStartup
freeaddrinfo
getaddrinfo
__WSAFDIsSet
ioctlsocket
getsockopt
closesocket
WSAGetLastError
WSASetLastError
setsockopt
send
select
recv
inet_ntoa

rpcrt4

RpcServerRegisterIfEx
RpcServerListen
RpcServerUseProtseqEpA
RpcMgmtStopServerListening
NdrServerCall2
RpcBindingFree
RpcServerUnregisterIf

Exports

Exports

dataCheck
setPath

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 420KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

20830170303c687d6cc762b0023742ac

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

mpr

iphlpapi

wtsapi32

wininet

ws2_32

rpcrt4

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 420KB - Virtual size: 420KB

.data Size: 95KB - Virtual size: 95KB

.pdata Size: 73KB - Virtual size: 73KB

.gfids Size: 2KB - Virtual size: 2KB

.tls Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 420KB - Virtual size: 420KB

.data
Size: 95KB - Virtual size: 95KB

.pdata
Size: 73KB - Virtual size: 73KB

.gfids
Size: 2KB - Virtual size: 2KB

.tls
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 8KB