bumblebee | c8a5e02417285b85da288818cca8a6900122011890fa92c9053787dfb195b8c6 | Triage

Submit
Reports

Overview

overview

Static

static

sample/Document.lnk

windows10-2004-x64

Resubmissions

13-09-2022 06:25

220913-g6tr5aafem 10

13-09-2022 06:22

220913-g48s9seha8 5

12-09-2022 18:09

220912-wrkcgahefn 3

Sharing

General

Target

sample.7z
Size

1.3MB
Sample

220913-g6tr5aafem
MD5

18d4c45fff91cb73b54aa8ad02d52bc4
SHA1

63c2077289271f1789b926e1304c75d0a486e8a8
SHA256

c8a5e02417285b85da288818cca8a6900122011890fa92c9053787dfb195b8c6
SHA512

f1381d4bfd9c1cd20dcd01dde1e461025f52a454fbfe91af0ce414e369fb0d2f951b5aaf79c5284c86201f8368120845860d74be9bac58d638387a422e441912
SSDEEP

24576:Jh++iS8blXCjfYBonNLkSeP5w9xUE9VKknD2mZXBXEUiP8iX+qSPb0w2/8zZAk2k:uSOlSLYqmPEeMKknSU/KXSP08zS4

Score

10^/10

bumblebee evasion trojan

Static task

static1

Behavioral task

behavioral1

Sample

sample/Document.lnk

Resource

win10v2004-20220812-en

bumblebee evasion trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  sample/Document.lnk
- Size
  
  1KB
- MD5
  
  c6604e76ee959ef592e0c08bc556f3ab
- SHA1
  
  a68c9ce3ee38d020d165dd253105c542eccb2f9c
- SHA256
  
  b7c88bbf7004fe5e570c6db2730d773d0e782bebb8ab21a00309b663a95f52fb
- SHA512
  
  f428eeab9fe8dffa455de4fc45a1d1b48ec4bf7fffdfb2a8f1366cbeed821f0b47e8754ec5c03f9939ebab7b07ff7ff872042b3a77db0273567c7830ba652f82
Score

10^/10

bumblebee evasion trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebeeevasiontrojan

© 2018-2025

Terms | Privacy