General

  • Target

    bumblebee220624.zip

  • Size

    906KB

  • Sample

    220625-h96rjabbdr

  • MD5

    2147cb1e9c0d407f480709cc1254a976

  • SHA1

    ec97ea14c6a7e83e1fc5d599f36a2a91da1ff184

  • SHA256

    d3130949ac392757e412d24acba974cae68453c888efd07102676b2dc24d0e09

  • SHA512

    c8cd1a181786af28e19ca2112640fce19eb2cc18c986f28df15f049338f2e0eeda192381c25d3ee5cdc2572c9dc33b60cb3b313f04aaf746d98ef3db0b75bc2d

Malware Config

Extracted

Family

bumblebee

Botnet

236r

C2

54.38.136.111:443

103.200.32.188:492

74.57.128.223:112

13.2.200.200:338

228.194.82.251:473

247.224.208.140:372

0.151.228.146:282

192.119.77.241:443

186.150.217.235:221

50.41.225.93:478

50.167.186.112:239

173.77.219.120:201

187.210.45.242:299

239.11.133.48:421

207.6.99.3:471

98.28.11.39:201

193.239.152.108:242

133.209.39.126:217

146.19.173.202:443

97.194.155.116:446

rc4.plain

Targets

    • Target

      m3n4rat.dll

    • Size

      1.8MB

    • MD5

      ea33abc17c48e0708ab3cf562b40603d

    • SHA1

      d170715918e48e89153c15d02aa2aa00f0f0e080

    • SHA256

      7db1126c80901edbc3be6948f208d4c450a23ea453ecf2e684bb4c8363c60db0

    • SHA512

      e90933d016a49ebb11f94c25286b519202c9d85bfdf8976dc04d7dd5ef9b179eeb98db3babfeee4cc696268fa5ccd22b066ca32a80e61e9b5255752ca4cabdfa

    • Score

      3/10

    • Target

      run.bat

    • Size

      56B

    • MD5

      057da6dbb40a272adc8146a90ad18a84

    • SHA1

      df04c5c34874182166c228bf8dcd2368ce0cf4af

    • SHA256

      f4271ffa3b6a6025d3e39d4179543fa839e7befda292f91405d7a872481afcdd

    • SHA512

      911729f3548d4570eafaf2930631a94b9a94b195442cc85a9d2f8f81807aceed06f951abf09b295659bd29e7707cbbe59024ee607e81a3e39bf52ea24949e2ba

    • BumbleBee

      BumbleBee is webshell malware written in C++.

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

MITRE ATT&CK Enterprise v6

Tasks