Overview

overview

10

Static

static

kiol5.dll

windows7_x64

10

kiol5.dll

windows10-2004_x64

10

Resubmissions

14/06/2022, 11:40

220614-nst93adfam 10

06/05/2022, 20:35

220506-zcz16adcer 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    kiol5.dll

  • Size

    3.7MB

  • Sample

    220506-zcz16adcer

  • MD5

    6b893e5b5a93f937052dd9fb2c3cf2e1

  • SHA1

    3f62cfb46538a1d4b00a0a7cbbd74d1f96fdbb34

  • SHA256

    592bca0ed73c7705815562d5dc3716bdfd6558b0e3ced8c90e93acfdf6f03b58

  • SHA512

    5eae69c68f422b59095bb7a5701c97348ffb0d70b3724f160fa87917eb4d4c5bbbe467363afd5c846b4abf7caa3db8e9721d51f078f5c565ec6bd380fd64df62

Score
10/10
bumblebeeevasiontrojan

Malware Config

Extracted

Family

bumblebee

C2

64.44.141.177:443

104.168.218.225:443

68.233.238.126:443

206.54.190.170:443

23.83.133.13:443
Attributes
  • group_id

    0605r

    9Ydun9zWUm

Targets

    • Target

      kiol5.dll

    • Size

      3.7MB

    • MD5

      6b893e5b5a93f937052dd9fb2c3cf2e1

    • SHA1

      3f62cfb46538a1d4b00a0a7cbbd74d1f96fdbb34

    • SHA256

      592bca0ed73c7705815562d5dc3716bdfd6558b0e3ced8c90e93acfdf6f03b58

    • SHA512

      5eae69c68f422b59095bb7a5701c97348ffb0d70b3724f160fa87917eb4d4c5bbbe467363afd5c846b4abf7caa3db8e9721d51f078f5c565ec6bd380fd64df62

    Score
    10/10
    bumblebeeevasiontrojan

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

      trojanbumblebee

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks