bumblebee | 23c10f0ff64c3161ac221e9cd6eae744b3260f0ac346cca4cc7afa770b60c0da | Triage

Submit
Reports

Overview

overview

Static

static

document.iso

windows7_x64

document.iso

windows10-2004_x64

3

Sharing

General

Target

document.iso
Size

3.1MB
Sample

220614-wfjlssgcgq
MD5

8b76eb981cb9a08767a93f1c3bdbf3df
SHA1

4d558beaaa7af0e1232fe8d5436f7be0dd674660
SHA256

23c10f0ff64c3161ac221e9cd6eae744b3260f0ac346cca4cc7afa770b60c0da
SHA512

4ea530db2356f434bc7f879926d8ee7a0f4515fa203d576ae7141d7d18477510a7e84049f5aabb350ee10c8315bb9a4cba6e61eee578ddbb553cb37386b13955

Score

10^/10

bumblebee 1406r discovery evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

document.iso

Resource

win7-20220414-en

bumblebee 1406r discovery evasion persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

document.iso

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

bumblebee

Botnet

1406r

C2

39.57.152.217:440

69.161.201.181:382

244.6.154.71:111

193.233.203.156:443

221.106.84.123:307

194.135.33.148:443

111.99.39.11:387

223.243.46.133:147

48.165.175.199:316

78.89.31.86:229

157.17.142.85:406

90.81.8.16:370

21.29.238.98:209

154.56.0.252:443

103.175.16.108:443

188.57.4.52:357

15.209.19.148:466

160.70.24.228:486

33.145.184.132:240

235.126.132.170:106

171.78.101.85:258

188.6.218.149:317

123.67.113.210:483

115.109.212.139:461

167.28.27.185:467

185.62.58.133:443

133.57.116.243:424

47.58.200.234:159

142.182.181.207:450

57.240.143.90:256

158.35.83.74:332

135.253.243.175:300

34.229.154.31:235

104.168.219.94:443

48.209.106.172:357

68.227.158.172:411

80.9.246.19:338

45.153.241.187:443

145.239.135.155:443

188.104.94.69:348

246.20.199.100:175

80.26.101.48:372

22.83.186.45:201

146.70.125.82:443

216.254.58.191:443

80.156.1.202:305

107.44.53.47:330

67.136.243.43:323

172.244.110.160:367

rc4.plain

Targets

- Target
  
  document.iso
- Size
  
  3.1MB
- MD5
  
  8b76eb981cb9a08767a93f1c3bdbf3df
- SHA1
  
  4d558beaaa7af0e1232fe8d5436f7be0dd674660
- SHA256
  
  23c10f0ff64c3161ac221e9cd6eae744b3260f0ac346cca4cc7afa770b60c0da
- SHA512
  
  4ea530db2356f434bc7f879926d8ee7a0f4515fa203d576ae7141d7d18477510a7e84049f5aabb350ee10c8315bb9a4cba6e61eee578ddbb553cb37386b13955
Score

10^/10

bumblebee 1406r discovery evasion persistence trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee1406rdiscoveryevasionpersistencetrojan

behavioral2

© 2018-2025

Terms | Privacy