bumblebee

Sharing

Copy URL

Twitter E-mail

General

Target

7572296131.zip
Size

23.3MB
Sample

220609-vqvalsefb8
MD5

fd8b3ed4748f4fc97efcd6ac769d7b42
SHA1

55f7b9e842f09f894fca9a2fdfb281ccc768f55c
SHA256

97fed9c9f49640addb8150b4c464e715607781381ff5668fcffd931a255a03ec
SHA512

6f33bd85232195340c263947f6eae83bbc2a176ce1ac107f22194218db4017f95bec8cd38755123c928cf6d92f8ee3f959da7846b679fdce6ce4dfaf01d47fb8

Score

10^/10

Malware Config

Extracted

Family

bumblebee

Botnet

7rr

103.175.16.107:443

194.135.33.149:443

154.56.0.241:443

23.254.201.97:443

45.147.229.101:443

185.62.58.169:443

192.236.249.68:443

193.239.84.254:443

37.120.198.248:443

146.19.173.139:443

46.21.153.145:443

149.255.35.134:443

45.147.229.50:443

212.114.52.46:443

103.175.16.122:443

146.19.253.49:443

68.233.238.105:443

64.44.135.250:443

103.175.16.121:443

64.44.102.6:443

rc4.plain

Targets

- Target
  
  01e6aea8ea3f21142fc2be90ac6e3cce73fedf25acb85e69438be79c6c050048
- Size
  
  1.7MB
- MD5
  
  1db9fe42bf03bb526af1b2a219c429f8
- SHA1
  
  b273e50c51de4b8b8397b248eaf26833febf698e
- SHA256
  
  01e6aea8ea3f21142fc2be90ac6e3cce73fedf25acb85e69438be79c6c050048
- SHA512
  
  a1e34d567dd584f01adc03c4a581ba21bc29a7764f0f9091ba0dd0ae67fcae596ecb7970751ca26ce6303ed035d5e41d3203a06d4166cb6602da13e914e3662b
Score

3^/10
behavioral1 behavioral2
- Target
  
  05c21d7273b3349857f64b6240cca49f45a453883958358d22e3cb7e19106045
- Size
  
  1.7MB
- MD5
  
  f8fa85efd2a4abaa2d23d303e745fe5b
- SHA1
  
  4c3d2197c3485d93169345b6b3205ad7a21488b2
- SHA256
  
  05c21d7273b3349857f64b6240cca49f45a453883958358d22e3cb7e19106045
- SHA512
  
  108ffacc548864a89468b297285fd0177628d594b5b851aef5ccca960540488045b996bd66f61ce194a7f7dff9f4144361685baeabf9244e8dd188efe9ce8207
Score

3^/10
behavioral3 behavioral4
- Target
  
  0b2b6268a8f1f12d758dda0e92c4093f958ddc0f4c1b75c030e0c8ac35c2416f
- Size
  
  1.7MB
- MD5
  
  26cb2dddef268cc16041bbc9b19ac3f9
- SHA1
  
  20758d5f0a2e00a5c0396742acf1c54b497fa284
- SHA256
  
  0b2b6268a8f1f12d758dda0e92c4093f958ddc0f4c1b75c030e0c8ac35c2416f
- SHA512
  
  ad35e48e63500b22418c5b7227f599e357b35a4b32d59539c5a37e8b6d3ed97b1a9a28bfed4fd9f90fc015d1bdf1db3163b86bc283e08d80fa2d69c22b96898b
Score

3^/10
behavioral5 behavioral6
- Target
  
  0e34390458e260d861a43fed3109ea0c6f46fbd4d786924dabaa666718d4e6c3
- Size
  
  1.7MB
- MD5
  
  2697d44b60a29e40607dc9c5b18ae7ea
- SHA1
  
  3c8b2b1606458d65710382f288f5ba2f10f96fa4
- SHA256
  
  0e34390458e260d861a43fed3109ea0c6f46fbd4d786924dabaa666718d4e6c3
- SHA512
  
  31cdaf14d480f58b1d6423ee62b3e9dd1843904a305eef109bb24c0b8e18458650d28256c147975c7ffc52e5c2ffa5d958a319ef0c1c5c8ba51be043760179d6
Score

3^/10
behavioral7 behavioral8
- Target
  
  1c4c02c4a7e39607bddbc38e7bc5e9e44a71a6313302eecde8c8d2e6a8c0aff2
- Size
  
  1.7MB
- MD5
  
  36fddeafc7b1c449a202df980305a4b6
- SHA1
  
  1575d40f5582a0936d3e78c5b571519cc8c2eea9
- SHA256
  
  1c4c02c4a7e39607bddbc38e7bc5e9e44a71a6313302eecde8c8d2e6a8c0aff2
- SHA512
  
  e8392f7bddc19d208fe1236aa7ee54365ee2d9247c61803e762e43ae7cdb3fa1b5ad2489b7903171367efc13d87cf9404a03ecd0744c2f5b6155d2c3a3d8b5f9
Score

3^/10
behavioral9 behavioral10
- Target
  
  21bd2c88898f8fea3ba9dddb1c9e3cfb8f279d884099830dbda16acdde273587
- Size
  
  1.6MB
- MD5
  
  69cd7700a687c190dcf824fee2a022b0
- SHA1
  
  2ee9d9dbca105772c8320ef4bfd437d9bf6664d0
- SHA256
  
  21bd2c88898f8fea3ba9dddb1c9e3cfb8f279d884099830dbda16acdde273587
- SHA512
  
  77b12b707ea334cde153a526d879086068f4134178b190b466e48c9c439828087a32187601879a095afeea33923a37de2345804b6c8d5eb478e45a28c0c0db25
Score

10^/10

bumblebee 7rr evasion trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral11 behavioral12
- Target
  
  2bf1bf8c79685a9f78498d4f00b569f7a7860c40c6fda9ba9851256eb7b0acf3
- Size
  
  1.7MB
- MD5
  
  58dc6825ed9be82678841a1677674d17
- SHA1
  
  77cae6572f5a3dc089091e1b289b87e59f333cef
- SHA256
  
  2bf1bf8c79685a9f78498d4f00b569f7a7860c40c6fda9ba9851256eb7b0acf3
- SHA512
  
  ec1ce55318ab222f09e0a1fbb5fd6965d31dc791b6f4f19c5fd3b807fa713b9e87ccd73cc0445e16ee2935f181e6c1d7d8e3eef018d0959554809f84f46b3648
Score

3^/10
behavioral13 behavioral14
- Target
  
  627c7fb21fa7eb045e1d5700badad186b8493cf205a831e46ec48919e2670f5a
- Size
  
  1.7MB
- MD5
  
  59f679ba9418d474b92a6a0689cdcdca
- SHA1
  
  e1239536e23ad02acb3bd611ec0d26995f71dd2c
- SHA256
  
  627c7fb21fa7eb045e1d5700badad186b8493cf205a831e46ec48919e2670f5a
- SHA512
  
  ff944cd4e0e70fffc0739dc73138bf91015456f13ad5fd4bf145c74c99d6317d0dc01a45ea89c5d849235892e87221dda506e9ba6e7485de724b3e01442d79d7
Score

3^/10
behavioral15 behavioral16
- Target
  
  6dce1465d4909ad02402e4c4731ba5e004fa42705a19006f78b3680a84393e77
- Size
  
  1.7MB
- MD5
  
  c5447854a9d2b2da247ec3a6737acb82
- SHA1
  
  43a1e0e318705dab7f3aae79e2b7c49756feb1fa
- SHA256
  
  6dce1465d4909ad02402e4c4731ba5e004fa42705a19006f78b3680a84393e77
- SHA512
  
  2a1b3f2a49dc9915acd476de9a4530c0d9d21b84a17fc5062bb7937ad95f041e8f3a4f376250f4c6edd1b5de4ee00503571a45012be5dc4c28eda9be40650028
Score

3^/10
behavioral17 behavioral18
- Target
  
  7431ff0c94256ead199dd9bd99d72bbf26b0d50fd6f0a1137b4a640e98047940
- Size
  
  1.7MB
- MD5
  
  514b1788384c02854f393f92f91f6e53
- SHA1
  
  0d59c65af161ec6d9794b241eaae9076789e243e
- SHA256
  
  7431ff0c94256ead199dd9bd99d72bbf26b0d50fd6f0a1137b4a640e98047940
- SHA512
  
  a2380d54e73c4fb4c31f29730e5eea4c58d15b8429746cd3742948d6b45d7f4c985e385aa907fb1492776151a7f40a0e5fd3066934f41f48a1430400ebea66b9
Score

3^/10
behavioral19 behavioral20
- Target
  
  7b0bffe1de4e468f2d254396eb2d16bc72291f58813cf9339d120bd6b776e5b1
- Size
  
  1.7MB
- MD5
  
  65476e3a66bf3d068516fdb376146a46
- SHA1
  
  b866518f04945820f76632cf23aa8b02920eb9f7
- SHA256
  
  7b0bffe1de4e468f2d254396eb2d16bc72291f58813cf9339d120bd6b776e5b1
- SHA512
  
  d2e1ac6f8f8ac0a180697be5ef9c09cd845ece8cc61115b7fb0dd5149f9f829cc7a084c761e00b6d0674c5db9c0663ce8c737eb54130fe05c5d4c08a88d24037
Score

3^/10
behavioral21 behavioral22
- Target
  
  825e874aa0b6bca6968639b7ed812c46f9a074384cda86daefab50a9d15e8fd6
- Size
  
  1.7MB
- MD5
  
  1c0ef0083cddb914572ebbe5e2e6a87d
- SHA1
  
  28323a8b707b3081768bf63c4759ad5af3536ac7
- SHA256
  
  825e874aa0b6bca6968639b7ed812c46f9a074384cda86daefab50a9d15e8fd6
- SHA512
  
  c9f823d0d66804e040222c7d61ef9bb24b1900bf7592f84add4decb76dbf30ba2ba0c195a66e4ae0575fa6a939846bebe7020dbb377c89f956911cadc0a15803
Score

3^/10
behavioral23 behavioral24
- Target
  
  8d52e22c560ad1a1b6314dc143587b9bf1b78c764a8451a78868e5c692319d6e
- Size
  
  1.7MB
- MD5
  
  158126169c83491f524180ffea7a31ba
- SHA1
  
  74451e41fac4abfc35f054a316e00747a2c0c077
- SHA256
  
  8d52e22c560ad1a1b6314dc143587b9bf1b78c764a8451a78868e5c692319d6e
- SHA512
  
  f8c79976cb3ee239733ce04d15ab81ec292e34504b25ad4525aa9bfaf80124a5e495786e3044b4345e5d1ae919fce0971a4c88d7ee309d1a7ce01c124ac51de7
Score

3^/10
behavioral25 behavioral26
- Target
  
  97eba4e90b8fb9fe5f631acad54eb0a44182eec4c2592291634a0b0940613a7b
- Size
  
  1.7MB
- MD5
  
  841a2a039b508b36a950b0f07a853330
- SHA1
  
  0325ea1b11eb576dc0bc23787e036871c6fd789e
- SHA256
  
  97eba4e90b8fb9fe5f631acad54eb0a44182eec4c2592291634a0b0940613a7b
- SHA512
  
  8b4d1af9a1c1f5271220477a461671b598d13ad58c275e1fc8ebec8f117fd5cbf2929b58afabf7ea0dc495407ca3aa16a8921b51282019a3f0a08341ee7b84bb
Score

3^/10
behavioral27 behavioral28
- Target
  
  9bf1d98278c83fb073371a4cba49dc174566388e07ae512d91a4cf1226becd16
- Size
  
  1.7MB
- MD5
  
  276c0e4adbeb33402c1e46c69caf88ad
- SHA1
  
  a1665cd7803f474543ca78dc1d11afe1839c9f8f
- SHA256
  
  9bf1d98278c83fb073371a4cba49dc174566388e07ae512d91a4cf1226becd16
- SHA512
  
  66945fa8e9c1c40197f708e27223e0964dc659302b68475dfbe2991d54e54381969164b3213e9069cc0c044b91add068419c56f7d09542a1718a2473d8fde7e2
Score

3^/10
behavioral29 behavioral30
- Target
  
  b4660d1b6d5a5597b42a31efa90b240b45e9351f628fa6b8c7817ce576f630e1
- Size
  
  1.7MB
- MD5
  
  4b8c5df127d7980809865a0e3f967a10
- SHA1
  
  1ceaea09de604f85f1013f378d0f9a873708f377
- SHA256
  
  b4660d1b6d5a5597b42a31efa90b240b45e9351f628fa6b8c7817ce576f630e1
- SHA512
  
  e65c528ca9a5a1ee4b09b3779aec3353ac22b4cae3ec048f7c8cd2879b2ce875b4d710cbadd795ff20634d0ae7f5d21f203770ce30368b9253f3aa6b6fdf11d5
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VirtualBox Guest Additions in registry

Checks BIOS information in registry

Identifies Wine through registry keys

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32