General

  • Target

    bumblebee_2_220624.zip

  • Size

    910KB

  • Sample

    220625-jhdr4sbefm

  • MD5

    32f73cfd1a151bf0bfc470912d3df3be

  • SHA1

    76ae5d8bfc08d3b6d70653be097e7c2a83620837

  • SHA256

    5aa0501b48569bb1ea7135da5e589349dc2f32a7d091afac5e7d45483e235f83

  • SHA512

    c56967d2163b099e0728e14dc5e25ed699ce21d01c15af0093c2c06d98453c92cfeafa5e6234696d4545b6f5f4b809a86320718c7af3aa62d0d40c4423eaf2f4

Malware Config

Extracted

Family

bumblebee

Botnet

236r

C2

54.38.136.111:443

103.200.32.188:492

74.57.128.223:112

13.2.200.200:338

228.194.82.251:473

247.224.208.140:372

0.151.228.146:282

192.119.77.241:443

186.150.217.235:221

50.41.225.93:478

50.167.186.112:239

173.77.219.120:201

187.210.45.242:299

239.11.133.48:421

207.6.99.3:471

98.28.11.39:201

193.239.152.108:242

133.209.39.126:217

146.19.173.202:443

97.194.155.116:446

rc4.plain

Targets

    • Target

      bumblebee_2.dll

    • Size

      2.5MB

    • MD5

      5f8670891a305ed5d941c7506840862e

    • SHA1

      4048134eb218a06b3b338b087de8cbeb38c70c0b

    • SHA256

      e08f7ad4994db661679a1f062a3b921b34dd0707125e78552a7a743488e8fa49

    • SHA512

      f09decf9e8146e6505a3c3adb3987c1da711ddec3b91bce750ded1005f295278121f18be49858c5b665dd2f21a8eb950245ab7afb025f079c30c02cc5c2132e8

    • Score

      3/10

    • Target

      run.bat

    • Size

      60B

    • MD5

      60eedc41b3d76619d754db548ffa3dfb

    • SHA1

      5a44fa68e70c58d3231c520587c9bcb84c4c628f

    • SHA256

      be577c73a4e501f63ab1a43f7fe5fa50b276c55491c39b57c756da834e2be493

    • SHA512

      402c41938af3960533fcb3ade77fd410c50e0e4b97e914cff02a81a3c22e80f35d263c28385eabcb9275d30660da0678fc4400f7f01036295f9622d946486ff2

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

MITRE ATT&CK Enterprise v6

Tasks