Overview

overview

10

Static

static

arch.dll

windows10_x64

10

Resubmissions

16/06/2022, 13:47

220616-q3jbnafcgm 10

15/06/2022, 11:48

220615-nysneseddm 1

26/05/2022, 17:15

220526-vsmzbadch9 1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    arch.dll

  • Size

    1.9MB

  • Sample

    220616-q3jbnafcgm

  • MD5

    16da4284ab7ab9d5669c34c339132ed6

  • SHA1

    34dc625fc243d06cbc33d403ac7ee05edfd32819

  • SHA256

    1249075a0c4af8ecfeb4a3ab1e9ef692cb8876591d73f3470106402ab1592717

  • SHA512

    b4bbbb6467a7602b5b2789a66ca343f3706fe1e15a13e639951adaa9a06b8cd97ba6ee6f05340dea679306b22fa7de02ab45b532f1e0de0abd429a9982b68923

Score
10/10
bumblebee2lg5evasiontrojan

Malware Config

Extracted

Family

bumblebee

Botnet

2lg5

C2

23.254.229.131:443

79.110.52.71:443

51.75.62.99:443
rc4.plain

Targets

    • Target

      arch.dll

    • Size

      1.9MB

    • MD5

      16da4284ab7ab9d5669c34c339132ed6

    • SHA1

      34dc625fc243d06cbc33d403ac7ee05edfd32819

    • SHA256

      1249075a0c4af8ecfeb4a3ab1e9ef692cb8876591d73f3470106402ab1592717

    • SHA512

      b4bbbb6467a7602b5b2789a66ca343f3706fe1e15a13e639951adaa9a06b8cd97ba6ee6f05340dea679306b22fa7de02ab45b532f1e0de0abd429a9982b68923

    Score
    10/10
    bumblebee2lg5evasiontrojan

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

      trojanbumblebee

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks