Overview

overview

10

Static

static

oblot.dll

windows7_x64

10

oblot.dll

windows10-2004_x64

9

Resubmissions

12-05-2022 21:09

220512-zzeczaabg4 9

10-05-2022 12:16

220510-pfl9csbefm 10

09-05-2022 23:26

220509-3e4nxaedh7 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    oblot.dll

  • Size

    1.3MB

  • Sample

    220510-pfl9csbefm

  • MD5

    38ea4397f1c9dfe79e9accaebe7487ec

  • SHA1

    24614b49e47bbdc30263cc86cea8aceb2781f1ed

  • SHA256

    281a1cfaebf968012e9596721d14b1bd6429744617e73f96558cb68bcc0db8f8

  • SHA512

    3b8d8deb404a52cb43306c8b3275f61efd8092202cf5ac5d86c342664b1673080abb3689f77b5bcc94b88ca10f238eb2dba67161619588e443ca6e04e261399b

Score
10/10
bumblebeeevasiontrojan

Malware Config

Extracted

Family

bumblebee

Attributes
  • group_id

    9Ydun9zWUm

Targets

    • Target

      oblot.dll

    • Size

      1.3MB

    • MD5

      38ea4397f1c9dfe79e9accaebe7487ec

    • SHA1

      24614b49e47bbdc30263cc86cea8aceb2781f1ed

    • SHA256

      281a1cfaebf968012e9596721d14b1bd6429744617e73f96558cb68bcc0db8f8

    • SHA512

      3b8d8deb404a52cb43306c8b3275f61efd8092202cf5ac5d86c342664b1673080abb3689f77b5bcc94b88ca10f238eb2dba67161619588e443ca6e04e261399b

    Score
    10/10
    bumblebeeevasiontrojan

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

      trojanbumblebee

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks