bumblebee

General

Target

220427-tyg5kschh4_pw_infected.zip
Size

1.9MB
Sample

220611-pfcd6aebgr
MD5

6b97665d9a715c46884972e1eee2c539
SHA1

e1f17c90663a7f564be5ab99f37a789e92973b2c
SHA256

44c439a495999d617ddd4fc99cbc83f193ddade2cee2a466ff6730aa840b0fd3
SHA512

0045c8f0ec3b8f443904fd19fe619d284f1fecece253ca283b13fcabe8f0ec629b6fb0218369178a21ee4a1fe43956ca0b93c16ab0b317f40417470734372401

Score

10^/10

Malware Config

Extracted

Family

bumblebee

Botnet

2704r

C2

108.62.118.61:443

23.227.198.217:443

89.44.9.135:443

rc4.plain

Targets

- Target
  
  69kwq90.dll
- Size
  
  3.5MB
- MD5
  
  7ad55184fac8e8fd14aec8a0dd640793
- SHA1
  
  e22f228da37e6259958d8230cecbc0c069e55ef4
- SHA256
  
  fce34222fecb0145d37af99a46dabd30f4bf9e7c39c0f355fbfbdbe6a94687ee
- SHA512
  
  d6bb6555b9c007c313ee528ad9e43f0cc7a02d9c8833145295d767f5f5927080af48992bd110763cca8a27d0cf7facf1fca7d0c513388437dd074d950dae83d7
Score

10^/10

bumblebee 2704r evasion trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2
- Target
  
  documents.lnk
- Size
  
  1KB
- MD5
  
  ce056650c27a20d66184651450d7c989
- SHA1
  
  7752f3b03c95020958032daec1aebf16aca9eae5
- SHA256
  
  83b4471ad3049c8b8b6fed5231de4a93add014dfd4b46ff4d207c5a35602667e
- SHA512
  
  8e498ee2413fe9d0034ce70d1e83ef1d36ca137c9af2d8263d74a30d2a26f2516084db97066359f599392197a0c35a1d231142213f8cdad90131e2ff5169cf2a
Score

10^/10

bumblebee 2704r evasion trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

4

T1497

Credential Access

Discovery

Query Registry

6

T1012

System Information Discovery

3

T1082

Virtualization/Sandbox Evasion

4

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VirtualBox Guest Additions in registry

Checks BIOS information in registry

Identifies Wine through registry keys

BumbleBee

Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VirtualBox Guest Additions in registry

Checks BIOS information in registry

Checks computer location settings

Identifies Wine through registry keys

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4