bumblebee

General

Target

documents-04-106.iso
Size

2.4MB
Sample

220611-q1qmysbad2
MD5

e7bd30afec3ec9149327039f33c06943
SHA1

f603829ca3bf57a365d293989c0a3a42e14a2f6d
SHA256

422c03f96a72fdd657c2ebca1387bd1f6be6e0b1b30a352827c48ef6fc16995e
SHA512

941602b46d0eaa7424f475d9dd5d3eaf3f983fad63b013a605240ec6fe0f585b89d7bba4361eb40bf39dfb6877bbc176caecfc9ebefe817d5b39f55bd50c4d7b

Score

10^/10

Malware Config

Extracted

Family

bumblebee

Botnet

ALL0504

C2

192.236.198.63:443

Targets

- Target
  
  documents.lnk
- Size
  
  1KB
- MD5
  
  2b879216747e8ce7c01073e5ee197494
- SHA1
  
  bf357b8e46fc3ff717807fec3362733fc159f99f
- SHA256
  
  9dfb32ed9b5756151623a8049eaa7785bf761601eb6c7165beff489cce31bb08
- SHA512
  
  66fd20e6f4f7316b65d17e8488c7d4cb41cceb8118b0d5970fd9d845f1d80d6d355bdc1104786ce867658244a32a2ce49c56715ee8d897cc4c26b0db0d074c35
Score

10^/10

bumblebee all0504 evasion trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2
- Target
  
  setting.dll
- Size
  
  2.4MB
- MD5
  
  156dd2407831b04e65295450c80b5842
- SHA1
  
  a0a17e9152ebe725c7de51df2c6626d5dabe7b45
- SHA256
  
  f0b628319ecaf47e44a59b53c465e3461c92a08b352188b386b3e43fb47750f6
- SHA512
  
  98bc3ecc0cb36386499ca002167bfb05858e82355b1137e5eeb3e8b087ac5ea25853546534c0ffbba6df82a755ba1f494a77416826fa186c6b27cfec2da7b8ec
Score

10^/10

bumblebee all0504 evasion trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

5

T1497

Credential Access

Discovery

Query Registry

7

T1012

System Information Discovery

3

T1082

Virtualization/Sandbox Evasion

5

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VirtualBox Guest Additions in registry

Looks for VMWare Tools registry key

Checks BIOS information in registry

Checks computer location settings

Identifies Wine through registry keys

BumbleBee

Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VirtualBox Guest Additions in registry

Looks for VMWare Tools registry key

Checks BIOS information in registry

Identifies Wine through registry keys

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4