General

  • Target

    bum.zip

  • Size

    1.5MB

  • Sample

    221004-ghn7qseecq

  • MD5

    48fe6d2342dcb64e969ec3223b6f9784

  • SHA1

    e14af464ff0c0371275ca277881abee7ef7f0f68

  • SHA256

    1b873250e2d0374d7d2cc5ae6bbfbb8d445fbea18ad944873221d21275154fd8

  • SHA512

    1bf7dccd0c36dc530e97a5b2416dd74bba8c6b6d4dc581c96f1174da342092b0335ab0816b8e3c6bbf15dfbcdafe02fefb904de56fe558e13c98aeb95fdd22f8

  • SSDEEP

    49152:ekURV/o2MUtif3A2fBMv1vX/0vtzNJ+ZJzv9RdE0:YRV/iUa3uv1vX/E5SF5E0

Malware Config

Extracted

Family

bumblebee

Botnet

0310

C2

192.119.74.28:443

54.38.138.5:443

45.141.58.37:443

146.70.147.39:443

146.70.149.48:443

103.144.139.158:443

rc4.plain
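The C2 list above is the most directly actionable part of the extracted configuration. The following is an added example, not part of the sandbox report, that turns those entries into a lookup set, runs it over a few constructed proxy log lines, and emits Suricata rules for the endpoints. The botnet ID and C2 addresses are the values listed above; the log lines, the rule SID range and the log format are assumptions made for the example.

```python
"""Turn the extracted Bumblebee C2 list into hunting and blocking artefacts.

Added example, not part of the sandbox report. The C2 entries and botnet ID
are the values listed in the report; the proxy log lines are constructed.
"""
import ipaddress
import re

# Values as listed in the extracted configuration above.
EXTRACTED_CONFIG = {
    "family": "bumblebee",
    "botnet": "0310",
    "c2": [
        "192.119.74.28:443",
        "54.38.138.5:443",
        "45.141.58.37:443",
        "146.70.147.39:443",
        "146.70.149.48:443",
        "103.144.139.158:443",
    ],
}


def parse_c2(entries):
    """Return a set of (ip_address, port) tuples from 'host:port' strings.

    Malformed entries are skipped rather than raised, so one bad line in a
    config dump does not abort the whole hunt.
    """
    parsed = set()
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep or not port.isdigit():
            continue
        try:
            parsed.add((ipaddress.ip_address(host), int(port)))
        except ValueError:
            continue
    return parsed


# Constructed proxy log lines (not from the report): "<epoch> <src> <dst:port> <action>".
SAMPLE_PROXY_LOG = """\
1664867130.112 10.0.0.15 192.119.74.28:443 TCP_TUNNEL
1664867131.005 10.0.0.15 142.250.74.46:443 TCP_TUNNEL
1664867135.330 10.0.0.22 146.70.149.48:443 TCP_TUNNEL
1664867140.001 10.0.0.22 146.70.149.48:8080 TCP_TUNNEL
garbage line that should be ignored
"""

LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>[^:\s]+):(?P<port>\d+)\s+(?P<action>\S+)$"
)


def find_c2_hits(log_text, c2_set, match_port=True):
    """Return log records whose destination is in the C2 set.

    With match_port=False only the IP is compared, which also catches the
    same infrastructure on a different port at the cost of more noise.
    """
    ips_only = {ip for ip, _ in c2_set}
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue
        port = int(m["port"])
        if (match_port and (dst, port) in c2_set) or (not match_port and dst in ips_only):
            hits.append({"ts": m["ts"], "src": m["src"], "dst": str(dst), "port": port})
    return hits


def to_suricata_rules(config, sid_base=9000000):
    """Emit one Suricata rule per C2 endpoint; sorted so SIDs stay stable between runs."""
    rules = []
    for i, (ip, port) in enumerate(sorted(parse_c2(config["c2"]))):
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"{config["family"]} C2 {ip}:{port} botnet {config["botnet"]}"; '
            f"flow:to_server; classtype:trojan-activity; sid:{sid_base + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    c2 = parse_c2(EXTRACTED_CONFIG["c2"])
    for hit in find_c2_hits(SAMPLE_PROXY_LOG, c2):
        print("C2 hit:", hit)
    print("\n".join(to_suricata_rules(EXTRACTED_CONFIG)))
```

Port-exact matching is the default because the config names a port for every endpoint; widening to IP-only matching is worth doing when hunting historically, since loader operators rotate ports on the same hosts.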

Targets

    • Target

      run.bat

    • Size

      67B

    • MD5

      ef46329eecc2c91c386b561028302235

    • SHA1

      50d5ce8dc61801dbd8b6f04c7eeb0b798cca3729

    • SHA256

      9bcf2e5aa71263a581ab230e9101f21da63fc8a41f49bca7e4712192a71dc2eb

    • SHA512

      ae8ce210d8008b6f1c04ae7271368e8b716393ac0d50ded0e68429c5a2c51a210412fe7e17f174039475442b4749ad1beb8adce5988d359c09abf7f1b99492d7

    • BumbleBee

      BumbleBee is a malware loader written in C++ that downloads and executes follow-on payloads; the botnet ID and C2 list above were extracted from its embedded configuration.

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtCreateThreadExHideFromDebugger

      Threads created through NtCreateThreadEx with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER flag generate no debug events, so an attached debugger never sees them; this is a common anti-debugging technique.
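The registry signatures above all describe the same behaviour pattern: a process sweeping several locations that reveal a virtual machine or an emulation layer. The following is an added example, not part of the sandbox report, that classifies registry accesses from constructed Sysmon-style events into those signature categories and flags a process that hits several of them in one run. The registry paths are the locations VM and Wine detection code commonly probes (the checks implemented by tools such as pafish and al-khaser); they are assumed to be what the signatures above fire on and are not confirmed from this sample. The process names, PIDs and events are constructed.

```python
"""Classify registry accesses into the anti-VM / anti-sandbox categories the
report lists, and flag processes that sweep several of them.

Added example, not part of the sandbox report. Registry paths are the usual
targets of VM/Wine detection code, assumed (not confirmed from this sample)
to be what the signatures above match. Events are constructed.
"""
import re
from collections import defaultdict

SIGNATURES = {
    # VirtualBox exposes "VBOX__" as the OEM ID of its ACPI tables.
    "virtualbox_acpi": re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
    # Present only when Guest Additions are installed in the guest.
    "virtualbox_guest_additions": re.compile(
        r"\\SOFTWARE\\Oracle\\VirtualBox Guest Additions", re.I
    ),
    # BIOS strings frequently name the hypervisor or sandbox vendor.
    "bios_info": re.compile(
        r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)",
        re.I,
    ),
    # Wine registers itself under Software\Wine in HKCU and HKLM.
    "wine": re.compile(r"\\SOFTWARE\\Wine(\\|$)", re.I),
}

# Constructed events in a Sysmon-like shape: (pid, image, operation, target path).
SAMPLE_EVENTS = [
    (4120, "sample.exe", "RegOpenKey", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
    (4120, "sample.exe", "RegOpenKey", r"HKLM\HARDWARE\ACPI\FADT\VBOX__"),
    (4120, "sample.exe", "RegQueryValue", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    (4120, "sample.exe", "RegOpenKey", r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions"),
    (4120, "sample.exe", "RegOpenKey", r"HKCU\Software\Wine"),
    (800, "explorer.exe", "RegQueryValue",
     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"),
    (800, "explorer.exe", "RegOpenKey", r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions"),
]


def classify_event(path):
    """Return the name of the first signature matching a registry path, or None."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(path):
            return name
    return None


def profile_processes(events):
    """Map pid -> {signature name: [paths]} for every event that matched a signature."""
    profile = defaultdict(lambda: defaultdict(list))
    for pid, _image, _operation, path in events:
        name = classify_event(path)
        if name:
            profile[pid][name].append(path)
    return profile


def anti_vm_verdict(events, min_categories=2):
    """Flag pids that touched at least min_categories distinct VM-detection locations.

    A single Guest Additions lookup is normal for management software; an
    unknown process reading ACPI tables, BIOS strings and Wine keys in one
    run is the pattern the sandbox signatures above describe.
    """
    profile = profile_processes(events)
    return {pid: len(categories) >= min_categories for pid, categories in profile.items()}


if __name__ == "__main__":
    for pid, categories in profile_processes(SAMPLE_EVENTS).items():
        print(pid, {name: len(paths) for name, paths in categories.items()})
    print(anti_vm_verdict(SAMPLE_EVENTS))
```

The threshold on distinct categories rather than raw event count is deliberate: a legitimate tool may query one VirtualBox key many times, but only evasive code has a reason to check ACPI OEM IDs, BIOS strings and Wine keys together.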

MITRE ATT&CK Enterprise v6

Tasks