Analysis
-
max time kernel
47s -
max time network
51s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
17/06/2022, 23:01
General
-
Target
project.dll
-
Size
1.5MB
-
MD5
5aff7450b8d4ae74590438fd97cf73f6
-
SHA1
ed215a6cca274ba5d0707436b6da9a23e52fcdfa
-
SHA256
dfa2adde1ed8dbf9e5ae585342325b9c1fd84e9d675bf54bc7b21db07b14f589
-
SHA512
fe86d3f51ca925dcb804c8a0d32033776a02a2e38426c16d6783f45941265e88ee9658bf9b397982e0cca3a9f3154f1c8ca97118a2b06cbac33d7d5ac90cc53f
Malware Config
Extracted
bumblebee
156a
83.47.40.251:306
251.143.69.150:395
64.250.120.4:406
115.16.153.155:459
233.82.38.10:391
60.27.170.3:463
221.218.33.190:154
218.199.149.25:415
0.134.23.62:116
241.41.90.117:181
78.244.227.62:462
146.70.125.122:443
224.49.28.61:214
2.97.24.126:148
112.81.173.199:399
170.107.238.10:276
45.84.0.13:443
210.163.58.211:385
146.19.173.186:443
154.56.0.102:443
Signatures
-
BumbleBee
BumbleBee is a webshell malware written in C++.
-
Enumerates VirtualBox registry keys 2 TTPs 5 IoCs
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 3 IoCs
-
Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 3 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious behavior: EnumeratesProcesses 41 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\project.dll1⤵
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
1.1MB
-
Filesize
1.1MB