bumblebee

General

Target

TA578_20220622.zip
Size

1.0MB
Sample

220622-y7fekaaddr
MD5

c51b7d7628982cfb5c5b16db8d849e21
SHA1

30753911f25eb0d2833643a5ebff6b3221204518
SHA256

7cc64ce87ef3ad289ad6c934c3380ff3a53373eb5f5ea11790fc67882ed2e795
SHA512

f31b9b3c044468fa8d2fc8dffb00c0de32815258188c38dc85e5677749ffe03ebd747acc3aab91c9cd13b896f1253928d0ae3cbb9c560b062ee849d88f4499ff

Score

10^/10

Malware Config

Extracted

Family

bumblebee

Botnet

226r

C2

24.60.199.116:370

145.100.67.15:360

101.96.171.173:155

182.52.208.138:119

6.138.120.113:452

103.175.16.47:443

99.189.165.204:103

174.83.182.164:221

138.22.181.180:246

51.139.193.203:488

196.99.108.92:240

67.127.134.116:328

160.173.252.174:275

202.106.192.129:291

194.202.95.243:336

174.166.74.219:203

198.104.198.26:492

118.101.230.66:260

192.119.77.241:443

181.108.184.158:156

rc4.plain

Targets

- Target
  
  documents.lnk
- Size
  
  2KB
- MD5
  
  9df6df3b98d90c2a892c2120876b6339
- SHA1
  
  f1634315324fb3bb1384c4197be3bef0cf447a83
- SHA256
  
  c307536aa32637598b607bc03c11daaf50c7adffcae47b22c29c3deb5302d674
- SHA512
  
  1499b16b317e7020438cfbc0af7e7345687a2bffacbe6b354ee404ba5f79d659d798df8446569afc05e1c2f43d19d60a9a3423fa7fec4b120dfc989ad804c855
Score

10^/10

bumblebee 226r evasion trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2
- Target
  
  m4ros.dll
- Size
  
  1.7MB
- MD5
  
  380d33a0977b70e018de30269eaa5c4a
- SHA1
  
  4e5e74e47d18ef79aa674fe020c6538c4cc17222
- SHA256
  
  55907bf7556c33200815f38f1045b94fd7ea2b76059bc4f0de2ad5d1fec13b6f
- SHA512
  
  aa26e62ce7ffac720af7aa2a1d40e3aef26f5fd3dd9ead09f4c25d208d397eeec1597d0adfcfcef94ee13338d5fbcbda6ad995e54cdf85a05c7f320120373e10
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

4

T1497

Credential Access

Discovery

Query Registry

6

T1012

System Information Discovery

3

T1082

Virtualization/Sandbox Evasion

4

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VirtualBox Guest Additions in registry

Checks BIOS information in registry

Checks computer location settings

Identifies Wine through registry keys

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4