bumblebee

General

Target

stolenimages20220614.zip
Size

929KB
Sample

220614-zs2vpacghm
MD5

8d46412faebe54eaa01686ed74bcc0c7
SHA1

aa5616e9f4fd60a63e7829f27bba85f61db9ad87
SHA256

bb66936f868620ed0756cb95e926e72b74bc06fff28e70f74c4782c92138d197
SHA512

b0ad1397b9cc95c00231fcb4f114c7e0aae1b8b9b0fef563aa9d45863f703faf45524a6ffa4d1e4441f64703827daa77325e68d552e507744558b9b89f3f351b

Score

10^/10

Malware Config

Extracted

Family

bumblebee

Botnet

1406r

C2

39.57.152.217:440

69.161.201.181:382

244.6.154.71:111

193.233.203.156:443

221.106.84.123:307

194.135.33.148:443

111.99.39.11:387

223.243.46.133:147

48.165.175.199:316

78.89.31.86:229

157.17.142.85:406

90.81.8.16:370

21.29.238.98:209

154.56.0.252:443

103.175.16.108:443

188.57.4.52:357

15.209.19.148:466

160.70.24.228:486

33.145.184.132:240

235.126.132.170:106

rc4.plain

Targets

- Target
  
  documents.lnk
- Size
  
  2KB
- MD5
  
  2207b8077e12e9b9e4b99472223ef4a5
- SHA1
  
  8ec827a0eae5b9f604fac9df1b0a771d9f7801da
- SHA256
  
  f7d28026d41bf2a098bbf592d5ce2ed4f31fcc47a453ecab4e241910e3f407b1
- SHA512
  
  b06ef3c5a2bcf29450f32dba9208c2326b2d350a5b317be9fe1607d80dfbec35c326e3a9968e6346085988a88ef328431dfdf7ef4eb8a0f92c5b8c9d08909121
Score

10^/10

bumblebee 1406r evasion trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2
- Target
  
  timi4r.dll
- Size
  
  1.7MB
- MD5
  
  c2431e5037bdcbc7573520ea8c99ff87
- SHA1
  
  8a4f5bcb62f7eb290fd4c903eb15ff58be9f5aa5
- SHA256
  
  6aa4da1ac218390e6cb97bcc7c5483ab4815c5e5b075ea86da8f123d25e9832d
- SHA512
  
  46452afb80f78f8a7b4c120cac8071e4e7e5e13f03663901c901aa20f7df4a1091ad2f55970087e5c3151115df206e0e09764655d22671535973b1eb2395c7fa
Score

10^/10

bumblebee 1406r evasion trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

4

T1497

Credential Access

Discovery

Query Registry

6

T1012

System Information Discovery

3

T1082

Virtualization/Sandbox Evasion

4

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VirtualBox Guest Additions in registry

Checks BIOS information in registry

Checks computer location settings

Identifies Wine through registry keys

BumbleBee

Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VirtualBox Guest Additions in registry

Checks BIOS information in registry

Identifies Wine through registry keys

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4