bumblebee | 091bd738da3c006d6a2484b7f98702bd9de63780d53c8af99f7a4c57ac05869e | Triage

Submit
Reports

Overview

overview

Static

static

invoice.img

windows7-x64

3

invoice.img

windows10-2004-x64

Sharing

General

Target

invoice.img
Size

3.8MB
Sample

220914-k5nfhahgc5
MD5

7cb4f9414c3012a937437509e0b67478
SHA1

1b14a60cfad25c27191a4630e08b55a63c1ad86e
SHA256

091bd738da3c006d6a2484b7f98702bd9de63780d53c8af99f7a4c57ac05869e
SHA512

aeaeb3db36dcfdf651658e91dcde226127adef433272d4b16b1bf2cf10f066baf2c94cf8bcf248fb6c6d53a2a97179cedd1959a42ece7d2c1beb99bae1d5c5c9
SSDEEP

98304:EHRol0dMODe4hTMJdbmzT82KK+6nkRq9qczLSS:EHRo0Mui6f82KYkReFT

Score

10^/10

bumblebee 25html evasion trojan

Static task

static1

Behavioral task

behavioral1

Sample

invoice.img

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

invoice.img

Resource

win10v2004-20220812-en

bumblebee 25html evasion trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

bumblebee

Botnet

25html

C2

23.83.134.136:443

138.201.190.52:443

rc4.plain

Targets

- Target
  
  invoice.img
- Size
  
  3.8MB
- MD5
  
  7cb4f9414c3012a937437509e0b67478
- SHA1
  
  1b14a60cfad25c27191a4630e08b55a63c1ad86e
- SHA256
  
  091bd738da3c006d6a2484b7f98702bd9de63780d53c8af99f7a4c57ac05869e
- SHA512
  
  aeaeb3db36dcfdf651658e91dcde226127adef433272d4b16b1bf2cf10f066baf2c94cf8bcf248fb6c6d53a2a97179cedd1959a42ece7d2c1beb99bae1d5c5c9
- SSDEEP
  
  98304:EHRol0dMODe4hTMJdbmzT82KK+6nkRq9qczLSS:EHRo0Mui6f82KYkReFT
Score

10^/10

bumblebee 25html evasion trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bumblebee25htmlevasiontrojan

© 2018-2025

Terms | Privacy