Overview

overview

10

Static

static

submit/enchanting.dll

windows7-x64

3

submit/enchanting.dll

windows10-2004-x64

3

submit/loader.bat

windows7-x64

10

submit/loader.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    submit_sample.7z

  • Size

    1.3MB

  • Sample

    220912-wx3e8shegk

  • MD5

    7194190f175e9f651e294969555384f7

  • SHA1

    1990251472b6b53b52c0cf2336ca5e3fe0f1b878

  • SHA256

    d885c21de4dec53116d41f097f8c538e72ed7a9c967fa5d47e9e800fcc79c5ca

  • SHA512

    06bfdd49f534ae5394509889878be68d25bca691c7d3a79ba7e54f932d498aafc782354770db33cd1b2966cd66eb3bc281b14c95a01938632721acb6f4cba182

  • SSDEEP

    24576:qTexCf23iMOlw2PVAlAJxsFeeYCrVSFfibKFvt6mpYoU:we8f2yDwKA8xs0eppif95tXYL

Score
10/10
bumblebeeevasiontrojan

Malware Config

Targets

    • Target

      submit/enchanting.dat

    • Size

      2.8MB

    • MD5

      dc7992c5d6c2518464ee8d8f2c509b32

    • SHA1

      d8866baf07a5dab2f407439ca5f7909e2bb6c461

    • SHA256

      d11d07a44788e6b71ff138b96caeb4e81adbbcceee74ac809264bfae7667ed66

    • SHA512

      e11630d07d2a9bc53c7ec4812c7b09ac961d808c08b433225b3920d11e89f752109038f7d6d1e630e8e01b21be51ac8451ce46c7e33dc4cd9d75b1bcb8272180

    • SSDEEP

      49152:UB6vxhwKXnR/Be0qCUrBdBhs64cOYjBNMHmug7Lx:UB6vxhgAYDMgLx

    Score
    3/10
    behavioral1behavioral2

    • Target

      submit/loader.bat

    • Size

      44B

    • MD5

      2ab322b35e0944443a021becf3c21c88

    • SHA1

      99bf8943e83426f27e345ca2041426ab3f6e2de8

    • SHA256

      f14048c16dafed03569f214c71f3d6f135c5ced806a5564133e755bb4be254a8

    • SHA512

      79f35ed5d95fabf000a5081512d50d764c99c0d6e2487d1551dc42534bed93ca00516b56ed0a672c67e1544bc739ea396acce60259841f585cd3a00029703793

    Score
    10/10
    bumblebeeevasiontrojan

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

      trojanbumblebee

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral3behavioral4

MITRE ATT&CK Enterprise v6

Tasks