Overview

overview

10

Static

static

bumblebee.dll

windows10_x64

3

run.bat

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bumblebee_5_220624.zip

  • Size

    910KB

  • Sample

    220625-jrnzfacadm

  • MD5

    5acfa105cf47bd43ce9a4dd525106886

  • SHA1

    6518116f189493df80976cd52c29a74f54e395ad

  • SHA256

    c2715e24a74f528a3a779823b24f8263b81df77a331d078afb5d4a000cfc8d58

  • SHA512

    7ca98f4478b79b091eb82d36028630fd7fa800258fe979715106803c156e7cc36bfe4f1cd4544e0e1746b33e63163656680134cd3472484c6e48f4c40bbddce6

Score
10/10
bumblebee236revasiontrojan

Malware Config

Extracted

Family

bumblebee

Botnet

236r

C2

54.38.136.111:443

103.200.32.188:492

74.57.128.223:112

13.2.200.200:338

228.194.82.251:473

247.224.208.140:372

0.151.228.146:282

192.119.77.241:443

186.150.217.235:221

50.41.225.93:478

50.167.186.112:239

173.77.219.120:201

187.210.45.242:299

239.11.133.48:421

207.6.99.3:471

98.28.11.39:201

193.239.152.108:242

133.209.39.126:217

146.19.173.202:443

97.194.155.116:446
rc4.plain

Targets

    • Target

      bumblebee.dll

    • Size

      2.5MB

    • MD5

      5f8670891a305ed5d941c7506840862e

    • SHA1

      4048134eb218a06b3b338b087de8cbeb38c70c0b

    • SHA256

      e08f7ad4994db661679a1f062a3b921b34dd0707125e78552a7a743488e8fa49

    • SHA512

      f09decf9e8146e6505a3c3adb3987c1da711ddec3b91bce750ded1005f295278121f18be49858c5b665dd2f21a8eb950245ab7afb025f079c30c02cc5c2132e8

    Score
    3/10
    behavioral1

    • Target

      run.bat

    • Size

      58B

    • MD5

      21f479b64e1b4cac98f71d55d928a124

    • SHA1

      a5381cb0557dc3d1ec5a1ce8f76a97adc3d9f4ec

    • SHA256

      6ae8417806a564871b70d7adb4baa557a1ad1cf6f4b61efbff7b00c8bbca1a7a

    • SHA512

      c8ef4a263eefe2f2ded6e146614dd102aa8b41051a7a8e670fa1e3683e608feba507f18ae5a3a5de337df264492c074d489504109909e0afab9b3ee502960315

    Score
    10/10
    bumblebee236revasiontrojan

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

      trojanbumblebee

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion
    behavioral2

MITRE ATT&CK Enterprise v6

Tasks