General

  • Target: 20220615_smashSample.zip
  • Size: 995KB
  • Sample: 220615-xdsx5adha5
  • MD5: e2ebbe38a701adaf413852f1fd6b5ce3
  • SHA1: 479d544b4769ad1def8a65c52144ddffbe1a3954
  • SHA256: d933c1312d76c6d5759adbe705be02a6496f9d1f7af83629d2203a0b63bbac1f
  • SHA512: 8db1417c0cf910109df64d555ce3b6136699d4c13bbf7ae073b136e8814fb1a4912a3c1c86e1a81036b2f5f09ac67df14d6e2c5906db7fb94b64309dd099f599

Malware Config

Extracted

  • Family: bumblebee
  • Botnet: 156a
  • C2


rc4.plain

Targets

    • Target: project requirements.lnk
    • Size: 1KB
    • MD5: db4e4a4e926e4dfe525929250afe7ae7
    • SHA1: 4eb0bb7294c53f896527ce770e3c299c2fcbfdca
    • SHA256: 7c38f9a113c85027806676885e027e4ed7de6b3c9bbd0861babfc2a8c911ec48
    • SHA512: f75a3e9b0bb22c9335bbd38bda8858ec6d7f11dd66c0bd26d45be4d9c0c4f49b9f559e5ed4be9da7a9f9e77f920c0aebb27ae60876a26635987ba504b997a538

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Target: project.dat
    • Size: 1.5MB
    • MD5: fb30fa42b6fb4cbbbc3f597cc782e56a
    • SHA1: f0c5391dc040286cac62d5900ddc20c178da0839
    • SHA256: 7935ad8c2dc8d082530650b858d1a2f53f4990a376ca84e3c29ce7ae5bec94dc
    • SHA512: 03171c8e689042be587b98533dd8c737331ca4357ded0774db6e8a6feda2de2dd8c9f6f66b300080425756bba1bf77fcb361ea8ffbba9b2a2e5f687b224ac60d

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Target: project.rsp
    • Size: 18B
    • MD5: 06c6c9e9f69b6ba4bea7dd172904ee74
    • SHA1: 4e86f1b41630dbf43be2bc82e516317c166aef8f
    • SHA256: 3b41f2bb928cb4ae75944da01bf3204dd7fda3f80ae1b800395656b70b53a4ab
    • SHA512: e5bfffa1cda707667f4ea389775badb69bf4542e243b0489d042d2a3b5c1eeed8ad098f240ddc029a4f7ebe837ca3bcd5532cf2fa0434477d5dc5245d1adb8f9

    Score: 3/10

MITRE ATT&CK Enterprise v6

Tasks