Overview

overview

10

Static

static

Invoice_09...57.iso

windows10-2004-x64

10

Resubmissions

28-09-2022 17:46

220928-wcfezahghq 1

28-09-2022 17:45

220928-wbw2bsgga4 1

28-09-2022 17:41

220928-v9h2pagfh3 3

28-09-2022 17:38

220928-v7n5xshggr 1

28-09-2022 17:33

220928-v4vtasgfg2 1

28-09-2022 17:30

220928-v3f9hshggk 1

28-09-2022 17:23

220928-vyaaeahgfk 10

28-09-2022 17:13

220928-vrh9qshgdq 1

28-09-2022 17:10

220928-vpztpshgdn 1

28-09-2022 17:08

220928-vnl68ahgdk 3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoice_09-12-22_order_157.iso

  • Size

    4.2MB

  • Sample

    220928-vyaaeahgfk

  • MD5

    b1938ffbd6dcc69183382302604e84e5

  • SHA1

    6d9984400b133cf92289d8ccd129f5d7133ce268

  • SHA256

    b47bad8968dbe798ac7dc1a5648206c1819160ecd68449d9dd82ba19a0296288

  • SHA512

    736e695281ed259e616d0862c64ebff16cd845767e5998162f0e7e0fe0161a0be037d17be5beb8ccade317008004880b834dab851cff04897bfa434995d33a3c

  • SSDEEP

    49152:PA4O7LDVaMxLT7IHXcnfwYcoAVGnUmEd70dl4ievKgTN:PAZD3SYUmE2dl4jK

Score
10/10
bumblebee1209evasiontrojan

Malware Config

Extracted

Family

bumblebee

Botnet

1209

C2

142.11.211.32:443

146.59.116.49:443

192.236.155.219:443
rc4.plain

Targets

    • Target

      Invoice_09-12-22_order_157.iso

    • Size

      4.2MB

    • MD5

      b1938ffbd6dcc69183382302604e84e5

    • SHA1

      6d9984400b133cf92289d8ccd129f5d7133ce268

    • SHA256

      b47bad8968dbe798ac7dc1a5648206c1819160ecd68449d9dd82ba19a0296288

    • SHA512

      736e695281ed259e616d0862c64ebff16cd845767e5998162f0e7e0fe0161a0be037d17be5beb8ccade317008004880b834dab851cff04897bfa434995d33a3c

    • SSDEEP

      49152:PA4O7LDVaMxLT7IHXcnfwYcoAVGnUmEd70dl4ievKgTN:PAZD3SYUmE2dl4jK

    Score
    10/10
    bumblebee1209evasiontrojan

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

      trojanbumblebee

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks