bumblebee | 90ef9d1cd49e1e7d3244db587e208d14c89d209fda9df1ee9123bdf1225ffd8c | Triage

Submit
Reports

Overview

overview

Static

static

90ef9d1cd4...8c.iso

windows7_x64

Sharing

General

Target

90ef9d1cd49e1e7d3244db587e208d14c89d209fda9df1ee9123bdf1225ffd8c.iso
Size

2.9MB
Sample

220617-ft5hesdae8
MD5

17eabf73c5ab8530e426596f14a500e5
SHA1

d135c0e39deafa18b0b9654cb5e879e1333e4052
SHA256

90ef9d1cd49e1e7d3244db587e208d14c89d209fda9df1ee9123bdf1225ffd8c
SHA512

e22f4e45ace405fa091ac2abb99369fd5522d715be3d82739df3aec7b91c28f5cda63307057b1a46be724dfedf56d5ca0c4ae84f9310fff29c8392e98279598c

Score

10^/10

bumblebee 156r discovery evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

90ef9d1cd49e1e7d3244db587e208d14c89d209fda9df1ee9123bdf1225ffd8c.iso

Resource

win7-20220414-en

bumblebee 156r discovery evasion persistence trojan

windows7_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

bumblebee

Botnet

156r

C2

249.241.29.24:181

124.243.81.221:274

142.11.216.143:443

190.123.237.229:261

208.84.180.22:146

103.175.16.106:443

18.8.71.243:176

37.64.220.2:332

100.93.33.185:487

182.62.4.186:282

239.100.121.57:329

228.78.147.191:253

212.234.34.219:148

138.65.77.29:391

55.14.133.44:292

221.238.146.116:272

91.167.137.83:421

66.23.70.38:168

183.37.64.159:220

241.112.226.151:197

253.174.222.210:447

78.90.18.29:383

185.94.100.232:189

208.231.162.191:266

0.42.131.123:144

49.57.156.149:228

103.175.16.107:443

109.108.10.35:386

177.231.94.146:410

78.79.38.95:496

231.169.5.102:403

141.98.168.70:443

45.153.241.234:443

238.42.54.122:171

194.135.33.16:443

26.6.83.53:219

241.54.78.154:269

3.172.226.46:189

203.138.139.122:404

80.241.131.170:311

132.44.27.212:299

146.19.173.105:443

213.115.131.233:186

222.62.166.76:206

127.87.0.227:339

2.190.89.140:236

98.84.87.52:353

rc4.plain

Targets

- Target
  
  90ef9d1cd49e1e7d3244db587e208d14c89d209fda9df1ee9123bdf1225ffd8c.iso
- Size
  
  2.9MB
- MD5
  
  17eabf73c5ab8530e426596f14a500e5
- SHA1
  
  d135c0e39deafa18b0b9654cb5e879e1333e4052
- SHA256
  
  90ef9d1cd49e1e7d3244db587e208d14c89d209fda9df1ee9123bdf1225ffd8c
- SHA512
  
  e22f4e45ace405fa091ac2abb99369fd5522d715be3d82739df3aec7b91c28f5cda63307057b1a46be724dfedf56d5ca0c4ae84f9310fff29c8392e98279598c
Score

10^/10

bumblebee 156r discovery evasion persistence trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee156rdiscoveryevasionpersistencetrojan

© 2018-2025

Terms | Privacy