General

  • Target

    wetransfer_20220707.zip

  • Size

    958KB

  • Sample

    220707-tms3psadgk

  • MD5

    cb0ae8ff243858fb859baae3958374c0

  • SHA1

    afcd71afe777378450494bba27e0edd4180ec084

  • SHA256

    683abb021663dcd0b79991ae0838a3ad92361127093860da39f09bc255fda3f1

  • SHA512

    de13c0f170b1bd0990368e76208839a5d96e6221ef20df0a29957b694e37484ca795c5cc2d650d79e9e59fc629c24bb9709d3a09a603f965a31f25339f7d52c5

Malware Config

Extracted

Family

bumblebee

Botnet

707a

C2


rc4.plain

Targets

    • Target

      Project requirements.lnk

    • Size

      1KB

    • MD5

      0b97b19bd8dd2e986089e3453d4cbee4

    • SHA1

      5a51fd8005b627172baf7fde880a80d2ec6384a0

    • SHA256

      82d421e750608b1f2005400cdd0e00ef9e43347851495a21091da04f4d689188

    • SHA512

      b87f532e712e3cc01f37ab7ca3a7e6411c5d24df4c8fc3a608c7c267de83d1f15373a8acd3381bc3d62d2cccb92c3ed982db3feb02837e5941fe117522476076

    • BumbleBee

      BumbleBee is a webshell malware family written in C++.

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Target

      upload.dll

    • Size

      2.0MB

    • MD5

      d7bb608a3b370fa7f457b4e89bbdb594

    • SHA1

      0c82220151415e6cbce25d2615d29f4352e0ecd5

    • SHA256

      f0fdc0b64b747f348a87a382ff5dfe016107f95ab5953318cc8d9548a983efd1

    • SHA512

      10c16d38e7fc6b8ccf9e023f50ae3600790d225ad5b170f4f76eb0d3c47d0cd3e01047fe89f7788cd482277ad91477bc369ab7e2a93acc7005f7cc9e7a8f2dd0

    • BumbleBee

      BumbleBee is a webshell malware family written in C++.

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Target

      upload.rsp

    • Size

      17B

    • MD5

      b053c0e000f7e180373cc4cdd0b2d1a4

    • SHA1

      1d630bae1c6fc2436176525f7979b0fac2c69fff

    • SHA256

      318887f05b4e2ec26742ba1df615ff1e661bca837107a0efe24da0ce96b705f5

    • SHA512

      c3edf015cf9b266839b6affb4f58173367606a91e438e792fed847dabf6b5a897641236e92d76b2502ee01c0e6340eadcb9aa6c81bf4d7c870ce2aef2d65d4c5

    Score
    3/10

MITRE ATT&CK Enterprise v6

Tasks