Overview

overview

10

Static

static

documents.lnk

windows7_x64

10

documents.lnk

windows10-2004_x64

10

n3zarek.dll

windows7_x64

3

n3zarek.dll

windows10-2004_x64

3

Resubmissions

27/06/2022, 22:24

220627-2bv2xsdfcn 10

27/06/2022, 21:38

220627-1g2k8adddj 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    documents.zip

  • Size

    923KB

  • Sample

    220627-1g2k8adddj

  • MD5

    f3b48bbfcf2870da35d2944ce6a83db3

  • SHA1

    ea1d53f527b44e402d061cf236a5b2a1dc89fd1e

  • SHA256

    d2cf5e5e1018f5bc2192ed06dca9732d687cc2735aa07bf763c1721df108a36e

  • SHA512

    c6adc570474534cf19968faa6d6f1cd59df6d6a7b78ec87772f7a0625bf23505b12b89db1044f7482b83a4f5fbbb1070b94898162e67ba89583edcadac1ae32d

Score
10/10
bumblebee276revasiontrojan

Malware Config

Extracted

Family

bumblebee

Botnet

276r

C2

76.81.225.65:337

41.28.188.77:212

51.199.209.83:290

192.119.77.100:443

68.121.248.35:464

54.37.131.14:443

149.197.87.217:409

224.110.0.53:105

253.13.70.127:340

122.50.173.112:157

103.25.51.23:388

199.61.79.119:346

68.14.88.177:143

227.12.148.222:270

33.93.97.183:112

168.113.169.88:428

64.157.160.42:207

156.151.142.100:123

146.19.253.56:443

135.36.57.27:157
rc4.plain

Targets

    • Target

      documents.lnk

    • Size

      2KB

    • MD5

      663851b4f1b3ad5acd85c4ab15493e71

    • SHA1

      32060a7f992322ac9bdf6d976d60181111b571d6

    • SHA256

      68e3bf7eec93dfd4394746769532dbc890207fd6f554c18165e8a2746b3fe2d2

    • SHA512

      0d51286f76f3f8fd292574b97803891571e3c20a110e7b830208591f69fab86941708e1751d3851724b0a12f610ba603afb259451c9e480e42fc306d0688e828

    Score
    10/10
    bumblebee276revasiontrojan

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

      trojanbumblebee

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion
    behavioral1behavioral2

    • Target

      n3zarek.dll

    • Size

      1.4MB

    • MD5

      8135745a29f02e96db7b075de3bb7fdb

    • SHA1

      fabafe2e3440dbd71d8d9614a3c8abfb1434eac9

    • SHA256

      90576eb6754dd1c38fb4cea4bf3f029535900436a02caee891c057c01ca84941

    • SHA512

      df5b9c699f5f85d3d666b4cb0d05f49f798a8c3fec93e98fdc0ccc703bc1cabc5752852e1a5f4020fdd9c7a1c48337ff4370b18091e03b6155262e77daafe43d

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Enterprise v6

Tasks