bumblebee | 428b46215b5c992fd7aa4d3e6edabce901928bad7231050eda6b1a64344e5854 | Triage

Sharing

General

Target

Malware-1.zip
Size

1.6MB
Sample

220921-amhr7aeff2
MD5

680c19b0ecfc417961d2c0d2d1588a09
SHA1

13b0d65325d029a47e8700814799be54046f8ce6
SHA256

428b46215b5c992fd7aa4d3e6edabce901928bad7231050eda6b1a64344e5854
SHA512

ea1db3b45fe38508234df04d83b31c3f0a48b31839fbbbaa84aa12829f52d76c63d2227fff7e26fe7c279ede28bf939b2718bd47e9d0874ab2a6d9af98633d20
SSDEEP

49152:k9EzpqzbJQntGg5Iqq/YbOcXDqYVCmNxwsSr:kACbJgoQpq/YKczq6Cmzm

Score

10^/10

bumblebee 1909 evasion trojan

Malware Config

Extracted

Family

bumblebee

Botnet

1909

C2

108.177.235.29:443

23.106.160.117:443

23.106.215.133:443

rc4.plain

Targets

- Target
  
  Run-DLL.bat
- Size
  
  34B
- MD5
  
  396374ee917bc1abedd996c8152a4454
- SHA1
  
  dd69c36489b15a4057d8cceef4b1ff3fad4f8a2a
- SHA256
  
  5663fcbbdbfdd1b78cee360919363009cdeaa58189ce5aec87d2014f02cc4001
- SHA512
  
  3a3e3e7015a9818741d0641538bf6b0f77066b206ebc0f8b76127386b79ab05993ebb9a35767f22bac02540ec6d6a686c8ed28c51706b4b4e7f9c7faa1012b5d
Score

10^/10

bumblebee 1909 evasion trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  nWysXc.bin
- Size
  
  3.6MB
- MD5
  
  3ad465cc538b57026aa28b1157885621
- SHA1
  
  1715b6a42f9cd1ed6ac0789d3255d9cb5b83bb74
- SHA256
  
  8fbe7927d62938479125474d0e634c5e50d88a47beb6e802d5ca8ef52cd3c021
- SHA512
  
  22425364d813bfcb58ac87cec9f575265fb2b26046dab664bcda649a598e0cd05b9e84d7fe32ae7471d3f3882eb0f931de7bdd318debd2c7f54fe332a824edbf
- SSDEEP
  
  24576:2BeR8J1ZadeRT8E/xRm8P2IHzYQEitobudhkIJvHadqG6p02Pd0p7OMlh72Mm3Dl:4i8JradeRQG
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee1909evasiontrojan

behavioral2

behavioral3

behavioral4