bumblebee

General

Target

TA579_20220614.zip
Size

1019KB
Sample

220615-qym42shban
MD5

48a6cee41fe68c8dba38467f8570f7ff
SHA1

a0f4412d626a0ec642a29ec8fc1427be47295118
SHA256

421864ad5225415972168f2ca1b0e5b877b17449e25342ffce00b507d37633bb
SHA512

7b9b6987166f5a110fbd4fac50f343a2e49e1743ea74897fffe861ed70b3095ad91dbbee1953a43b9d5f64601a854426a2b315b960b191d21ccdde0eb079ca6e

Score

10^/10

Malware Config

Extracted

Family

bumblebee

Botnet

146l

C2

242.165.212.79:339

162.144.249.150:239

63.122.120.151:268

144.52.138.51:193

18.215.29.142:436

115.239.67.202:380

255.11.235.99:426

213.203.201.199:307

143.117.20.123:425

141.98.168.70:443

174.150.214.40:426

133.133.249.24:204

126.68.7.249:422

103.175.16.107:443

146.70.124.77:443

154.56.0.100:443

180.184.129.160:223

28.78.74.145:427

108.28.254.44:399

115.103.22.1:153

rc4.plain

Targets

- Target
  
  ScannedDocuments-0622.lnk
- Size
  
  1KB
- MD5
  
  3241e36fc0c204fd96ef9302a3b11969
- SHA1
  
  9add539d4a7982cc426e6852f7223d5ace95549c
- SHA256
  
  4c536168dab929de00efea26af786da1282aa2aa2b6809d89eb62ad76404b564
- SHA512
  
  0c70f5cd7f64cacc3516162d2ce2832b83e7143a868d1c45eb2b09d1e8150cb125ecda6843f613546e5e27e828ae02bde8d8166da9d8a92934e343a9b493eb5d
Score

10^/10

bumblebee 146l evasion trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2
- Target
  
  inf.bat
- Size
  
  41B
- MD5
  
  993ea3729ef89775410c1f8a5e4a468f
- SHA1
  
  3f5b69eb4d54ee92493f211e13ffb89cda914650
- SHA256
  
  1e78385d81b5177c733c7e2ed2f91d5400fd526c786cac089aef6e6f6ec2f08e
- SHA512
  
  14564f14807a341b161a753da27af790275e2dd0803c37c294c52d8882962ab0f774775417a80beacef4fb07cc36cc683077622d5851b5733005791a5d3abdff
Score

10^/10

bumblebee 146l evasion trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral3 behavioral4
- Target
  
  information.dll
- Size
  
  2.0MB
- MD5
  
  c9216484a6371b055705ec5f4098ab01
- SHA1
  
  a13903e50408e11996159fba5f7deab1e73e8f08
- SHA256
  
  fed9bc8df9141f8f8f7a9203bc26b5b22123c154702fcd625379f2f7ecd31cb2
- SHA512
  
  64485bb8e1845a29f9d60343a0bd6fd8de4220aa83f3cd19eed47737642b79db2753106192798d495202e74016f2e845d161c1362ad09b01104f9cfb8c939359
Score

10^/10

bumblebee 146l evasion trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

4

T1497

Credential Access

Discovery

Query Registry

6

T1012

System Information Discovery

3

T1082

Virtualization/Sandbox Evasion

4

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VirtualBox Guest Additions in registry

Checks BIOS information in registry

Checks computer location settings

Identifies Wine through registry keys

BumbleBee

Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VirtualBox Guest Additions in registry

Checks BIOS information in registry

Identifies Wine through registry keys

BumbleBee

Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VirtualBox Guest Additions in registry

Checks BIOS information in registry

Identifies Wine through registry keys

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6