Analysis
-
max time kernel
42s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
11/06/2022, 13:38
General
-
Target
appbuild.exe
-
Size
3.0MB
-
MD5
cd2cce5e7cc63f6947305cfe8509d3a9
-
SHA1
677517444d5311991874856e9a56959eb4f22eb0
-
SHA256
9d75278f48c145f9bdb1c7916ab92965fa5a079de0fd8d22a894b2307b80f2c1
-
SHA512
f3ee3854340906a127f24ed0bb1eb56c53abef4e4fbb1472a6b2cda1ad9fe51dff1cf0ff19e707c47fe0e415381ac8ab2c3ed08a1ac15902262cd4992417047d
Score
10/10
Malware Config
Extracted
Family
bumblebee
Botnet
LEG1
C2
45.147.229.177:443
Signatures
-
BumbleBee
BumbleBee is a webshell malware written in C++.
-
Enumerates VirtualBox registry keys 2 TTPs 5 IoCs
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 3 IoCs
-
Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
-
Looks for VMWare Tools registry key 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 3 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\appbuild.exe"C:\Users\Admin\AppData\Local\Temp\appbuild.exe"1⤵
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.3MB