9049d08d76bd322689076428eb94edf847981c762f0012cc708b538426ddf523 | Triage

Resubmissions

14/06/2022, 09:00

220614-kycenahbg3 10

14/06/2022, 08:57

220614-kwkcgsdadk 10

14/06/2022, 08:39

220614-kkmcpshba2 10

26/05/2022, 09:45

220526-lrcbraebfj 10

26/05/2022, 03:54

220526-egaa3scacj 9

26/05/2022, 03:41

220526-d85evsbhfk 9

Sharing

General

Target

bumblebee.zip
Size

1010KB
Sample

220526-d85evsbhfk
MD5

f2806b8801278e2ad16b2fc41c6c1672
SHA1

e3fa044a0e4d7ee6dcc5bd3730c5e4495501cf33
SHA256

9049d08d76bd322689076428eb94edf847981c762f0012cc708b538426ddf523
SHA512

c9253b653746752fd1239c2eb76a3629ef611f070c39bcf699e82c41b8a6ecbfc5e5a4343a5feff9009e56c8bd30223edbd4ba145728c562fdc0a4260fec804d

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  run.bat
- Size
  
  66B
- MD5
  
  08a6b0f19f771bd800591a6bcfe63b42
- SHA1
  
  a76d6045a24b8fdf6ff038d28fbf0818cc70daac
- SHA256
  
  1a47a931685fad15ac28073e3c4c927e7d20408f9fee680258d7976d4955e4fb
- SHA512
  
  f7c8bddac1e15b4d7d3612b09f51023a71450c528213e2720ee4c62f7aa4a9693ca43a9a3d0fb66fe671439fa3cf5875b93a153104f7cedd89bedd69d69c996e
Score

9^/10

evasion
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1