bumblebee | 5700ad38086a5d6e833ec17c8c98b6f8782900e5d6fcc9a2f8a72855ed44d622 | Triage

Sharing

General

Target

7622326120.zip
Size

939KB
Sample

220617-x5v7kaffb4
MD5

8fd4c69308143a8ee34f1225ea8e4864
SHA1

13645c2d11735bf4c0b59ca70042dd6d939fe8e4
SHA256

5700ad38086a5d6e833ec17c8c98b6f8782900e5d6fcc9a2f8a72855ed44d622
SHA512

d0b3c0c13a819e5ae83496c5675a251e5395010d516bb44b859bdc9856f51b095af3d9a12e2ff038caf2d94c00f7b0b5b213286cc149b72a8010d43e25f2c453

Score

10^/10

bumblebee 166a evasion trojan

Malware Config

Extracted

Family

bumblebee

Botnet

166a

C2

85.239.33.172:443

25.5.198.104:440

223.31.110.102:393

213.226.100.95:443

25.181.64.39:236

199.193.159.46:283

45.138.172.246:443

84.250.88.57:386

145.244.80.29:230

133.17.128.73:319

14.102.170.127:377

1.39.166.217:166

14.40.68.19:391

146.19.173.186:443

199.201.12.90:201

212.110.132.77:289

69.38.43.160:207

131.169.248.28:201

141.178.39.245:323

28.148.236.16:485

rc4.plain

Targets

- Target
  
  18aed3582da2419ab339bff7d1e84b1eac88d5c9bfaf7320daafcfbb6f6798b3
- Size
  
  1.8MB
- MD5
  
  ce8aa596ab8c1d075439a9ee29a438c6
- SHA1
  
  415ad86787a40abb95fb67e604aba8a075a41ead
- SHA256
  
  18aed3582da2419ab339bff7d1e84b1eac88d5c9bfaf7320daafcfbb6f6798b3
- SHA512
  
  a5c7d3b9d127bc1ab22a8a8596a6853ae721fb3286e0b3d5d6592d9be603f1ec31055b7598aad4c9e5ee8adb351a122f12605aa4d76a3842ace8f01645f7af1c
Score

10^/10

bumblebee 166a evasion trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee166aevasiontrojan

behavioral2

bumblebee166aevasiontrojan