bumblebee | 26f9526506e03ed55f7273a962ed90af8ce429242bcdf10380b638f47921b1e9 | Triage

Submit
Reports

Overview

overview

Static

static

document_i...88.iso

windows7_x64

document_i...88.iso

windows10-2004_x64

8

Sharing

General

Target

document_invoice_0706-488.iso
Size

2.9MB
Sample

220706-vdbbzahbg9
MD5

e67c33a21267bbdabc7da8a26dba9b43
SHA1

0c611820e514c3408744785e16703e987bcdcdfc
SHA256

26f9526506e03ed55f7273a962ed90af8ce429242bcdf10380b638f47921b1e9
SHA512

22f7a1c3c0036c1c924a679630b645c402022953d4060947d5b87f0cbbd89fdac9239ee66267597d84f62dd42e76ea7edf3fc4e27e94626afddef63037aa6ec0

Score

10^/10

bumblebee 507r discovery evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

document_invoice_0706-488.iso

Resource

win7-20220414-en

bumblebee 507r discovery evasion persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

document_invoice_0706-488.iso

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

bumblebee

Botnet

507r

C2

146.19.173.184:443

41.15.71.157:274

66.9.9.138:154

36.201.196.202:367

173.200.61.240:100

116.241.116.41:410

242.232.106.206:162

10.195.46.61:489

249.112.226.98:243

130.242.219.205:423

154.56.0.113:443

179.5.59.188:228

217.246.42.10:346

169.197.227.201:474

231.228.102.246:186

185.165.82.120:182

74.230.15.244:376

94.88.121.46:403

120.181.249.142:177

138.141.158.45:217

128.79.29.175:298

104.168.200.192:443

196.168.84.24:372

143.27.231.233:335

133.99.126.202:263

222.202.140.206:438

117.172.191.115:471

158.208.5.127:269

218.155.13.204:130

219.110.187.248:435

209.244.102.105:112

23.19.58.212:443

4.177.13.86:289

204.223.28.129:424

246.134.183.74:364

165.132.190.127:368

89.159.155.176:455

185.69.113.39:124

47.26.53.19:195

41.70.42.112:452

74.219.241.225:481

66.15.189.146:122

28.23.200.103:366

159.248.192.111:424

170.88.0.154:120

79.196.23.192:106

146.70.106.76:443

249.57.205.117:166

62.82.188.190:234

221.131.148.148:357

206.245.228.10:133

51.68.146.186:443

118.89.112.82:338

116.205.234.96:247

205.160.222.15:274

rc4.plain

Targets

- Target
  
  document_invoice_0706-488.iso
- Size
  
  2.9MB
- MD5
  
  e67c33a21267bbdabc7da8a26dba9b43
- SHA1
  
  0c611820e514c3408744785e16703e987bcdcdfc
- SHA256
  
  26f9526506e03ed55f7273a962ed90af8ce429242bcdf10380b638f47921b1e9
- SHA512
  
  22f7a1c3c0036c1c924a679630b645c402022953d4060947d5b87f0cbbd89fdac9239ee66267597d84f62dd42e76ea7edf3fc4e27e94626afddef63037aa6ec0
Score

10^/10

bumblebee 507r discovery evasion persistence trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee507rdiscoveryevasionpersistencetrojan

behavioral2

© 2018-2025

Terms | Privacy