Overview

overview

10

Static

static

413915.dll

windows7_x64

10

413915.dll

windows10-2004_x64

9

Analysis

  • max time kernel
    36s
  • max time network
    40s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    05-05-2022 05:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    413915.dll

  • Size

    3.6MB

  • MD5

    6909250134a5290f9a0223878b914760

  • SHA1

    53dad515d7de0adc185682a47a60e63fcdf0fc4b

  • SHA256

    33203446cd754cf91dddebec42fa3340e24d232f6e5792448c9c30b1c852fb1d

  • SHA512

    437576ae6345a09893d6430eff2fa024244cea7032db5a5ad8e2a56c59a1a37c1e28d1b3b3b4a26979ed6122fc5c303821f94956f328931ccd9f16726e3a8aa2

Score
10/10
bumblebeeevasiontrojan

Malware Config

Extracted

Family

bumblebee

C2

23.82.128.149:443

108.62.12.203:443
Attributes
  • group_id

    mc405

    BLACK

Signatures

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee
  • Enumerates VirtualBox registry keys 2 TTPs
    evasion
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
    evasion
  • Looks for VirtualBox Guest Additions in registry 2 TTPs
    evasion
  • Checks BIOS information in registry 2 TTPs 3 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Suspicious behavior: EnumeratesProcesses 41 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\413915.dll,#1
    1⤵
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious behavior: EnumeratesProcesses
    PID:1000

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1000-54-0x0000000001CB0000-0x0000000001EFB000-memory.dmp

    Filesize

    2.3MB

    Download