Overview

overview

10

Static

static

Project Re...ts.lnk

windows7_x64

10

Project Re...ts.lnk

windows10-2004_x64

10

req.dll

windows7_x64

10

req.dll

windows10-2004_x64

10

req.rsp

windows7_x64

3

req.rsp

windows10-2004_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    20220627_smashSample.zip

  • Size

    896KB

  • Sample

    220627-xkzz1sefe2

  • MD5

    7e82acf67db05f474c13a660ade71ef8

  • SHA1

    2f0635eb2bdf4d066ac269923cdc111aa849253f

  • SHA256

    dc00d383b30857a1d0a615bc1c37899151571fec9675f64e01a02f54d59c0b89

  • SHA512

    d13a824f7e8c63a39c193f6d077cc5b78fdaf138424b69b6cfa18a56f2f290214cb0579fdf47a4939a497dd466e109cf18eb71606ec680947667c372ebd71abc

Score
10/10
bumblebee276aevasiontrojan

Malware Config

Extracted

Family

bumblebee

Botnet

276a

C2

100.65.168.129:171

207.177.53.164:325

32.87.78.10:384

117.162.18.77:404

116.176.236.58:151

123.2.128.107:267

169.146.162.63:373

55.115.177.92:239

224.248.147.154:499

88.7.179.62:135

187.218.226.58:319

146.70.106.52:443

8.34.35.232:389

98.116.138.87:321

255.161.114.204:370

159.90.121.44:362

150.226.60.234:160

161.254.115.117:308

211.66.121.128:361

43.10.228.15:400
rc4.plain

Targets

    • Target

      Project Requirements.lnk

    • Size

      1KB

    • MD5

      42a398dba7a9d3a2b0c5d281822f6f9f

    • SHA1

      60379eaf9e602c5cd09e1b0cbbdfc6ba9c3d16c3

    • SHA256

      eb61ddcf07a1ceea6c6ae74dff6bb6407b5c575b3e7be42cfa03be3c52d77a95

    • SHA512

      2c79b9d954111a13780bedd038357269aad31ba2d262ab70c0c88dbbbc26d60c8c0dea1bf4ade27c87d38cb0b7b3deeb7ba7f0a2846a4e19d0c89921cb423324

    Score
    10/10
    bumblebee276aevasiontrojan

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

      trojanbumblebee

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion
    behavioral1behavioral2

    • Target

      req.dll

    • Size

      1.4MB

    • MD5

      de26dc1fee02ba446cad6c2f4c21fc31

    • SHA1

      3ec4e5303d938f49db3393cb86364f144e18d514

    • SHA256

      9e697d49727101d423116274df53a15676ad447e086df0972f91ae78064c9bc1

    • SHA512

      800302fdbb4cb33528647f785b951a9f2d8f9d37bfe76d1db951e63a04a4272fd2eae727912cf5533783d4ee73fe6621b3b6dbd50e387b6a242addb40e17400a

    Score
    10/10
    bumblebee276aevasiontrojan

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

      trojanbumblebee

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion
    behavioral3behavioral4

    • Target

      req.rsp

    • Size

      14B

    • MD5

      8961ff9977a5861e297b00a0ba84417b

    • SHA1

      8b46f92da77e848982e76229a2ff59b40ba4ad7f

    • SHA256

      dbaa46413f8babf05659ac1113a2d7905ae695799a9a5381dae05dc41cd16475

    • SHA512

      279e31a6f855ccdfd0320282b9c39d56c963bc814d0b7fe67efed4a693e114b1457a788cdaf3fc97b61fce8e168b2c536d56af59db899e0855dadde42fa97600

    Score
    3/10
    behavioral5behavioral6

MITRE ATT&CK Enterprise v6

Tasks