bumblebee | 2025-02-12_7f6c92a3c75d5f21aff5dd913c7d520e_ryuk

Resubmissions

24/03/2025, 06:46

250324-hjy9rsvqz4 10

12/02/2025, 12:33

250212-prg4sa1mgn 10

Sharing

Copy URL

Twitter E-mail

General

Target

2025-02-12_7f6c92a3c75d5f21aff5dd913c7d520e_ryuk
Size

2.1MB
MD5

7f6c92a3c75d5f21aff5dd913c7d520e
SHA1

e417e173abfb1bbb78cd27ebf80f810db8bd94d0
SHA256

e5a316171657039514f3584690a6d78c1bb8d6d93a475dd1afe18f95ca365f01
SHA512

1325f02203fe4e7e57cba9f9706add426aae12889f049d5b0bb9038b959d94288cf680cd1ff79a5413aba3cc726c9109831c3ed360fbdc9404913bf98781cb9d
SSDEEP

49152:g0MyV0JcClulr7O2lwK5v6Vy0KBounQ0HUVvF/chYVK+:KGzlr7h5Q8THY9c8K

Score

10^/10

933 bumblebee

Malware Config

Extracted

Family

bumblebee

Botnet

933

Attributes

dga
9qlg6ojje0fh.life

t120o0lqyzjk.life

etptzwxsyp32.life

r8odycmtgooa.life

nb56cfxd01nr.life

xyz5fpz6im57.life

y4yhop208nes.life

cvggxnytt623.life

7zaolm729xjw.life

fkgm8tb8fwky.life

rqyuhu82y5ro.life

rato5okc78nh.life

c1yp2qhm7efl.life

5vi9zf66i5rn.life

ydi1tars4qo5.life

l1bfvyx5yr8e.life

s5lxi812qbt5.life

37jnlxcobt19.life

1uwsarbntiak.life

x5mbn2n8j0wn.life

r3geabq7zf8o.life

lxsq535scirs.life

vuftqxjdst36.life

ks4bjt91jriw.life

zj9lg3qke1k5.life

0ndr4p83d77l.life

ykk98pvhd6jy.life

dlkim3cw0wt8.life

tliy48rr6fi7.life

xk9g4w9g1m0o.life

ulhida6od0xa.life

zvm00jz8j2i4.life

9f6e733z67jp.life

3ld9tlu84tq5.life

sg8yy8ayy3dh.life

v6h9bdel752b.life

d2mtygmipptj.life

0z5az6un9k6k.life

hvcds0it8dt7.life

iij8hlutxq94.life

v1w3127cwxhl.life

arownfz1c8o2.life

l1cr5uamgqz2.life

tner0hutwe3g.life

3s7pn3jol1sn.life

yg3ugy70v9rh.life

u4cvsoeaa55k.life

pys2nmc0yk2m.life

mt3jj0qpep3v.life

9mbxy8omj3af.life

3xphflcx0yq4.life

bme21emezt7p.life

g5l1d24n7poh.life

78s6ysrrqov9.life

49wkezslshdv.life

dvmwxxwjf199.life

lzqm2jeon3lj.life

4hi6mbnb5s0z.life

zecf73x7kezq.life

r3mvri2usb4r.life

y4n250nv3qub.life

77o38tif4ukq.life

f8zhsdf9xqr6.life

e55fg5b5c2yc.life

su3j9n5mdgme.life

uaakle2evth7.life

8ifj3b4lrq3l.life

7lv77j4spxno.life

747wloy5yoes.life

ac3r53i7d5xg.life

xuqu5zosjqcj.life

3btlsn8gcc15.life

a9hh0gszzfzd.life

z1wcdy9l9rim.life

ib9wv6nqehhx.life

8ekeu1gyn59t.life

b2agbvcra964.life

6zom9v75gq8h.life

j8qo2la38tog.life

cvh7gbxot24r.life

qpiw5n9vwsap.life

zz64pxhgxa44.life

hg3pmupul32p.life

4el3s31yx88p.life

nwv57uahqum9.life

slwtl6leeuc7.life

9so8csbbronu.life

33bxjuazvpki.life

gjl37cvm6xly.life

qyasdoxv9qa0.life

8q59sypdstid.life

mqpeq58cpr02.life

qf530mdf7ow6.life

f3bvx132ifi6.life

l7kzf2d26kug.life

soj8eqkhhz4x.life

rrvot3ihi002.life

wo5oxsnqywog.life

khf9pjkylz5h.life

5luyjjps2cmd.life
dga_seed
3171302928008992269
domain_length
12
num_dga_domains
300
port
443
tld
.life

rc4.plain

Signatures

Bumblebee family
bumblebee

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-02-12_7f6c92a3c75d5f21aff5dd913c7d520e_ryuk

Files

2025-02-12_7f6c92a3c75d5f21aff5dd913c7d520e_ryuk
.exe windows:6 windows x64 arch:x64

18a46db36ff7745514d6882b212bacd1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

StrStrIW
PathRemoveExtensionW
PathCombineW
StrCmpIW
PathFindFileNameW

kernel32

SetLastError
EnterCriticalSection
WriteFile
TerminateProcess
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
GetCurrentThreadId
GetSystemDirectoryW
PostQueuedCompletionStatus
CreateEventW
MultiByteToWideChar
FormatMessageW
GetLastError
CreateFileA
SetEvent
TerminateThread
TlsAlloc
QueueUserAPC
LocalFree
DeleteCriticalSection
VerSetConditionMask
WideCharToMultiByte
GetEnvironmentStrings
SleepEx
VerifyVersionInfoW
TlsGetValue
CreateProcessA
TlsFree
FormatMessageA
CreateIoCompletionPort
FreeEnvironmentStringsA
GetExitCodeProcess
LoadLibraryW
GetProcAddress
GetModuleHandleW
SystemTimeToFileTime
Sleep
GetCurrentProcess
Thread32Next
Thread32First
GetModuleHandleA
LoadLibraryA
VirtualProtectEx
OpenThread
TryEnterCriticalSection
HeapCreate
HeapFree
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
CreateMutexW
CreateFileW
GetFileAttributesW
GetVersionExW
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
HeapReAlloc
GetSystemInfo
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
LockFileEx
GetFileSize
GetProcessHeap
FreeLibrary
GetSystemTimeAsFileTime
CreateNamedPipeA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
lstrlenA
SetWaitableTimer
lstrcmpA
Wow64DisableWow64FsRedirection
ExpandEnvironmentStringsW
Wow64RevertWow64FsRedirection
GetWindowsDirectoryW
LocalAlloc
GetCurrentDirectoryW
GlobalMemoryStatusEx
GetStdHandle
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
AreFileApisANSI
GetModuleFileNameA
GetFileAttributesA
OpenProcess
WaitForSingleObject
CloseHandle
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetCurrentProcessId
CopyFileA
lstrcatA
DeleteFileW
FindClose
GetTempPathW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
FindNextFileA
FindFirstFileExA
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleCP
GetFileType
ExitProcess
GetACP
GetModuleHandleExW
FreeLibraryAndExitThread
GetSystemTime
TlsSetValue
ExitThread
CreateThread
LoadLibraryExW
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ResetEvent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
QueryPerformanceFrequency
RaiseException
DecodePointer
EncodePointer
RtlPcToFileHeader
SetHandleInformation
GetModuleFileNameW
ReadFile

user32

GetCursorPos
FindWindowW

advapi32

RegCreateKeyW
RegGetValueW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
CloseServiceHandle
OpenSCManagerW
EnumServicesStatusExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
GetUserNameW
RegQueryValueExW
LookupPrivilegeValueW
RegCloseKey
RegSetValueExW
RegOpenKeyW

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket

oleaut32

SysFreeString
VariantInit
SafeArrayAccessData
SysAllocString
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayGetUBound
VariantClear

mpr

WNetGetProviderNameW

iphlpapi

GetAdaptersInfo

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesA

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA

ws2_32

htons
inet_ntop
connect
socket
getsockname
inet_addr
closesocket
WSAStartup
WSACleanup
recv
select
send
setsockopt
WSASetLastError
WSAGetLastError
inet_ntoa
getaddrinfo
__WSAFDIsSet
ioctlsocket
getsockopt
freeaddrinfo

rpcrt4

RpcServerUseProtseqEpA
RpcMgmtStopServerListening
RpcServerListen
RpcServerUnregisterIf
RpcBindingFree
NdrServerCall2
RpcServerRegisterIfEx

dnsapi

DnsFree
DnsQuery_A

Exports

Exports

dataCheck

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

18a46db36ff7745514d6882b212bacd1

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

mpr

iphlpapi

wtsapi32

wininet

ws2_32

rpcrt4

dnsapi

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 404KB - Virtual size: 404KB

.data Size: 96KB - Virtual size: 96KB

.pdata Size: 76KB - Virtual size: 76KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 404KB - Virtual size: 404KB

.data
Size: 96KB - Virtual size: 96KB

.pdata
Size: 76KB - Virtual size: 76KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 12KB