General

  • Target

    wetransfer_20220630.zip

  • Size

    911KB

  • Sample

    220701-cqb5xshfa5

  • MD5

    ead326675a0ce6e4d17ef814cfbca89a

  • SHA1

    5209c1fe7e03c7476b8fbeedb31735a4a9c453d5

  • SHA256

    377d477d2942dac5b44137b7ac2a36e1588656598dc8b2b6402a80b7d7ee2502

  • SHA512

    8a1e425716e1617d83eabf77facd5f0980208be5be15cf753d8647bb4ef65fd5d4729ed9d2bafdc841bbed5aff399fec6778fa0612ff450bc11a11c9eb1d3a18

Malware Config

Extracted

Family

bumblebee

Botnet

306a

C2

97.179.31.192:334

244.126.180.210:277

29.98.32.223:101

196.165.207.229:429

118.17.155.189:106

68.158.21.32:209

23.81.246.165:443

175.7.188.48:453

25.97.237.60:276

90.214.176.20:192

80.63.17.197:205

126.248.70.180:294

157.184.237.140:322

152.186.86.1:112

13.9.144.228:382

2.193.52.84:325

52.3.39.216:145

172.93.193.188:443

33.136.131.60:473

152.71.253.158:446

rc4.plain
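To make the extracted configuration above directly usable, here is an added Python example (not part of the report or of any sandbox tooling) that parses the Malware Config section into structured IOCs. The CONFIG_TEXT string is a verbatim copy of the block above, embedded so the script runs offline. The ranking step is an analyst heuristic, not something the report states: Bumblebee beacons to its C2 over TLS on port 443 and its configurations carry many filler entries on arbitrary ports, so only the two port-443 hosts are marked high confidence. The rc4.plain key is printed without a value in the report, so it is carried through as null rather than guessed.

```python
"""Parse the report's Bumblebee "Malware Config" block into prioritised IOCs.

Added example; CONFIG_TEXT is copied from the report so the script runs
offline, and the parsing/ranking logic is not sandbox output.
"""
from __future__ import annotations

import ipaddress
import json
import re
from dataclasses import dataclass, asdict

CONFIG_TEXT = """\
Family
bumblebee
Botnet
306a
C2
97.179.31.192:334
244.126.180.210:277
29.98.32.223:101
196.165.207.229:429
118.17.155.189:106
68.158.21.32:209
23.81.246.165:443
175.7.188.48:453
25.97.237.60:276
90.214.176.20:192
80.63.17.197:205
126.248.70.180:294
157.184.237.140:322
152.186.86.1:112
13.9.144.228:382
2.193.52.84:325
52.3.39.216:145
172.93.193.188:443
33.136.131.60:473
152.71.253.158:446
rc4.plain
"""

KNOWN_KEYS = {"Family", "Botnet", "C2", "rc4.plain"}
HOST_PORT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


@dataclass(frozen=True)
class C2Entry:
    ip: str
    port: int
    confidence: str  # "high" or "low", assigned by rank_c2()


def parse_config(text: str) -> dict[str, list[str]]:
    """Flattened layout: a key line, then zero or more value lines until the
    next known key. A key with no value (rc4.plain here) maps to []."""
    result: dict[str, list[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in KNOWN_KEYS:
            current = line
            result.setdefault(current, [])
        elif current is None:
            raise ValueError(f"value before any key: {line!r}")
        else:
            result[current].append(line)
    return result


def parse_c2(values: list[str]) -> list[tuple[str, int]]:
    """Validate each entry as IPv4:port; a malformed line is an error rather
    than a silently dropped indicator."""
    entries = []
    for value in values:
        m = HOST_PORT.match(value)
        if not m:
            raise ValueError(f"unexpected C2 format: {value!r}")
        ip = ipaddress.IPv4Address(m.group(1))  # raises on e.g. 300.1.1.1
        port = int(m.group(2))
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {value!r}")
        entries.append((str(ip), port))
    return entries


def rank_c2(entries: list[tuple[str, int]]) -> list[C2Entry]:
    """Analyst heuristic (assumption, not a report statement): Bumblebee talks
    TLS on 443; entries on arbitrary ports are treated as probable filler."""
    return [C2Entry(ip, port, "high" if port == 443 else "low") for ip, port in entries]


def build_iocs(text: str) -> dict:
    cfg = parse_config(text)
    ranked = rank_c2(parse_c2(cfg.get("C2", [])))
    key = cfg.get("rc4.plain") or []
    return {
        "family": cfg["Family"][0],
        "botnet": cfg["Botnet"][0],
        "rc4_key": key[0] if key else None,  # None: report shows no key value
        "c2": [asdict(e) for e in ranked],
    }


def high_confidence_c2(text: str) -> list[str]:
    """host:port strings worth blocking or hunting for first."""
    return [f"{e['ip']}:{e['port']}" for e in build_iocs(text)["c2"] if e["confidence"] == "high"]


if __name__ == "__main__":
    print(json.dumps(build_iocs(CONFIG_TEXT), indent=2))
    print("high-confidence C2:", ", ".join(high_confidence_c2(CONFIG_TEXT)))
```

The low-confidence entries are still emitted: they are cheap to put on a watchlist, and a hit on one of them is itself a strong signal that the same build is beaconing.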

Targets

    • Target

      Project requirements.lnk

    • Size

      1KB

    • MD5

      a9b76d5bcc5de4f5ff018b04ca4c0a8c

    • SHA1

      9db6e63905f3ef5435a959770708eba5f0e1e2d3

    • SHA256

      96e3dc46a2a60cb7a29b8f697135507e6c59e43bc17018df0ad56cc32faa6a25

    • SHA512

      14feb06bc75fb177fecf659f95347b1214e69196d3c69a284fc787e383eedca3a6f72e909fa5967bdaa6f2203005a60ad29ff2bdbab3631b6abbdbebc0c7d057

    • BumbleBee

      BumbleBee is a malware loader written in C++, used to download and run follow-on payloads.

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Checks BIOS information in registry

      BIOS vendor and version strings are often read to detect sandbox or virtual-machine environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtCreateThreadExHideFromDebugger

      NtCreateThreadEx is called with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER flag, so the new thread raises no debug events; this is an anti-debugging technique.

    • Target

      projectrequirements.dll

    • Size

      1.4MB

    • MD5

      7493bea3dcbefb30d97e5643e652d3e0

    • SHA1

      3a7ff600ba143f1ef92f66ec41e9f5e285f49d20

    • SHA256

      5b24595e299f92d6bdefc0a5b390e95c3291433e8ba90d5918aa3ac4b541fcf5

    • SHA512

      239c16ec27836a6852bd918c2a9aad1a10c35dd20fca7b6b55693e0d2e23e828fe0c7a8f3ab6302e88263a29fe506fc0a8ff8117d5cd8cc14d973a87275d1491

    • BumbleBee

      BumbleBee is a malware loader written in C++, used to download and run follow-on payloads.

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Checks BIOS information in registry

      BIOS vendor and version strings are often read to detect sandbox or virtual-machine environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtCreateThreadExHideFromDebugger

      NtCreateThreadEx is called with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER flag, so the new thread raises no debug events; this is an anti-debugging technique.

    • Target

      projectrequirements.rsp

    • Size

      30B

    • MD5

      6e020ce75c33224bce1d16a78a6c1eee

    • SHA1

      fefc97b219e4e561bc6a2f4d81de3906a75fac5b

    • SHA256

      3cfa1e65becda265b065294d9ecb9b5b79fe155fc9d456f9061e4a395f814a14

    • SHA512

      dca95e0c296ac5112f5150521d2892c8e4cdad20ae7341b1d3bc454d5839d0c3b2a425a445dc69a357c8da9a217aa8a45b804f47cdcaff4eaa010c5b2ea16633

    Score
    3/10
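The registry-based signatures reported for both the LNK and the DLL targets above (VirtualBox service keys, VirtualBox ACPI tables, Guest Additions, BIOS strings, the location setting, Wine) can be re-derived from ordinary endpoint telemetry. The following is an added Python example, not part of the report or of any sandbox product, that does so over Sysmon-style registry events. SAMPLE_EVENTS is constructed sample telemetry written for this example, and the key paths listed per signature are the ones these checks commonly touch; the report names the signatures, not the exact keys this sample queried, so that mapping is an assumption.

```python
"""Re-derive the registry-based sandbox signatures from registry telemetry.

Added example. SAMPLE_EVENTS is constructed Sysmon-style data (EventID 12/13
fields Image and TargetObject), not data from the report; the key paths per
signature are an assumption about what each check typically reads.
"""
from __future__ import annotations

import re
from collections import defaultdict

# Hive prefix with optional user SID: HKLM\, HKU\S-1-5-21-...\, \REGISTRY\MACHINE\ ...
HIVE_PREFIX = re.compile(
    r"^(?:HKEY_LOCAL_MACHINE|HKLM|HKEY_CURRENT_USER|HKCU|HKEY_USERS|HKU|"
    r"\\REGISTRY\\MACHINE|\\REGISTRY\\USER)(?:\\S-1-5-[\d-]+(?:_CLASSES)?)?\\",
    re.IGNORECASE,
)
CONTROL_SET = re.compile(r"\\CONTROLSET\d{3}\\", re.IGNORECASE)

SIGNATURES: dict[str, list[str]] = {  # assumed key paths per report signature
    "Enumerates VirtualBox registry keys": [
        r"SYSTEM\CurrentControlSet\Services\VBoxGuest",
        r"SYSTEM\CurrentControlSet\Services\VBoxMouse",
        r"SYSTEM\CurrentControlSet\Services\VBoxService",
        r"SYSTEM\CurrentControlSet\Services\VBoxSF",
        r"SYSTEM\CurrentControlSet\Services\VBoxVideo",
    ],
    "Identifies VirtualBox via ACPI registry values (likely anti-VM)": [
        r"HARDWARE\ACPI\DSDT\VBOX__",
        r"HARDWARE\ACPI\FADT\VBOX__",
        r"HARDWARE\ACPI\RSDT\VBOX__",
    ],
    "Looks for VirtualBox Guest Additions in registry": [
        r"SOFTWARE\Oracle\VirtualBox Guest Additions",
    ],
    "Checks BIOS information in registry": [
        r"HARDWARE\DESCRIPTION\System\SystemBiosVersion",
        r"HARDWARE\DESCRIPTION\System\VideoBiosVersion",
        r"HARDWARE\DESCRIPTION\System\BIOS",
    ],
    "Checks computer location settings": [
        r"Control Panel\International\Geo\Nation",
    ],
    "Identifies Wine through registry keys": [
        r"SOFTWARE\Wine",
    ],
}


def normalize(path: str) -> str:
    """Canonical, case-folded key path: hive and SID stripped, ControlSetNNN
    folded to CurrentControlSet, WOW6432Node removed so 32-bit views match."""
    p = HIVE_PREFIX.sub("", path.strip())
    p = CONTROL_SET.sub(r"\\CURRENTCONTROLSET\\", p).upper()
    return p.replace("\\WOW6432NODE\\", "\\")


def key_matches(path: str, prefix: str) -> bool:
    """True when path is the key itself or a value/subkey beneath it."""
    p, q = normalize(path), normalize(prefix)
    return p == q or p.startswith(q + "\\")


def match_signatures(events: list[dict[str, str]]) -> dict[str, list[str]]:
    """Map each fired signature to the raw TargetObject paths that fired it."""
    hits: dict[str, list[str]] = defaultdict(list)
    for ev in events:
        target = ev["TargetObject"]
        for name, prefixes in SIGNATURES.items():
            if any(key_matches(target, pfx) for pfx in prefixes):
                hits[name].append(target)
    return dict(hits)


def processes_firing(events: list[dict[str, str]]) -> set[str]:
    """Images that triggered any signature, to attribute the checks to the
    DLL host process rather than to the sandbox's own instrumentation."""
    all_prefixes = [pfx for pfxs in SIGNATURES.values() for pfx in pfxs]
    return {
        ev["Image"]
        for ev in events
        if any(key_matches(ev["TargetObject"], pfx) for pfx in all_prefixes)
    }


RUNDLL = r"C:\Windows\System32\rundll32.exe"
SAMPLE_EVENTS = [  # constructed sample telemetry, not from the report
    {"Image": RUNDLL, "TargetObject": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"Image": RUNDLL, "TargetObject": r"HKLM\SYSTEM\ControlSet001\Services\VBoxGuest"},
    {"Image": RUNDLL, "TargetObject": r"HKLM\SOFTWARE\WOW6432Node\Oracle\VirtualBox Guest Additions\Version"},
    {"Image": RUNDLL, "TargetObject": r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    {"Image": RUNDLL, "TargetObject": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001\Control Panel\International\Geo\Nation"},
    {"Image": RUNDLL, "TargetObject": r"HKLM\SOFTWARE\Wine"},
    {"Image": r"C:\Windows\explorer.exe", "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
]

if __name__ == "__main__":
    for name, paths in match_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: {paths}")
    print("processes:", processes_firing(SAMPLE_EVENTS))
```

Matching on a normalised prefix rather than the literal string is what keeps the rule robust: the same check shows up as HKLM\..., \REGISTRY\MACHINE\..., ControlSet001 versus CurrentControlSet, or under WOW6432Node depending on the event source and the bitness of the host process.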
