Resubmissions

13/10/2022, 05:26

221013-f44zmsagfm 10

13/10/2022, 05:21

221013-f2ft2abae7 1

05/07/2022, 20:58

220705-zsep6achfq 10

General

  • Target

    transferxlSample_20220705.zip

  • Size

    902KB

  • Sample

    220705-zsep6achfq

  • MD5

    d66ea6735b47272a98cf7ec20bb9a8f4

  • SHA1

    b8ced910cffb3a4623b28ae679572d92d48304f9

  • SHA256

    c5ae818f3e0fe518e0aaadac7b21ba6477943b57465fe2ded1717b7a9f1705b6

  • SHA512

    6abb17878d558d8efdc19aa01aba1fa43648b0e2d193456e12d85e9fbdd5c567df2c43e8a7a204d53c5028aeccc5cec854e385784ed76d06733fed0fe1368ed8

Malware Config

Extracted

Family

bumblebee

Botnet

407a

C2

106.30.10.152:200

159.107.119.196:466

249.250.158.148:322

202.77.46.110:494

34.34.152.166:165

244.76.41.194:324

134.179.38.71:422

103.175.16.49:443

16.249.204.133:158

231.217.204.87:289

165.84.157.60:302

209.198.142.251:182

78.0.144.134:330

117.17.41.72:459

126.76.167.19:201

217.8.253.10:398

209.141.41.46:443

18.151.45.13:359

97.85.151.94:372

221.184.92.249:392

rc4.plain

Targets

    • Target

      Project requirements.lnk

    • Size

      1KB

    • MD5

      6ca6a8b1a8d781bc91444dc2402d3f58

    • SHA1

      a66015ece818c3c35d0ae8a400ee9c102425186b

    • SHA256

      3926bec362d86edc8fcc4e283d6b93b21108d6b9d194de9fc1108df2944b0319

    • SHA512

      f778da9c3762ceb37b65c6ba6864e6158e44a99eb776108825c02b4bb56dc309ec4998eb66b053cff99984294f49365b6a50bf8e83e07ec58782a80fbdf5b2a9

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Target

      prjct.dll

    • Size

      1.5MB

    • MD5

      dd9751f48c134f502d5a7a5b39b482be

    • SHA1

      d7ecfa85e28318bd0179d321be7d32c468fc9dae

    • SHA256

      cbef35e0d91b5f169a3bd617c9ebcb3ea025439cb98e3d4a7dbeed4be65b6ef2

    • SHA512

      381889e149f2b49a50f312c47e1e42cefd7bb5eb79013b2ff3213b5161160015f7f75d6b3d4d4f9b07a303599e904433a271fdcada8255e7deb229e8ad6dc6b9

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Target

      prjct.rsp

    • Size

      16B

    • MD5

      4080b43f784d55b529bfdaa037f50789

    • SHA1

      9bcde1ef9a7e3fb602572562ca11c24ae64010c6

    • SHA256

      9d7cefe910724cecaefe05a417129eaf537cab95d198cc5b1f0a1d822e810988

    • SHA512

      fd5a879707c13e4a0c324495f332a8277754f2c9af8b6470b976dd7a5a81858047035071e1c7abf4408729817afb6b91092b15b3297252fab04f6fd594ae35b0

    Score
    3/10

MITRE ATT&CK Enterprise v6

Tasks