Resubmissions

04-10-2022 07:33

221004-jdj4bshec6 10

04-10-2022 07:27

221004-h97ntshcg8 3

General

  • Target

    iorq.zip

  • Size

    1.4MB

  • Sample

    221004-jdj4bshec6

  • MD5

    9049310d8409a1462a3ceec749653a87

  • SHA1

    410d4bda0a67b7840dc51649e966d91962d7ccd3

  • SHA256

    f7359c0753f90c0d86f77052ea05029ef644c7aa0a51cef4c92a193985e32c6d

  • SHA512

    a4c8e85cf1afea32ba14feef8cc84e4eaa84d0606d3b2145fb18009cbcd971821a4957e507bf60fdffe405b7374fde2a44a599eac7ddd93272fb17e2d8fb409e

  • SSDEEP

    24576:Pg6HSMhU5sJKMTZWs9cMDz32IEPCoZd7F5hxUBs34VXygBmtAM7Qah2oO6/YSV:DSMuCJPTZWUckmpPF7diBs34l9BCAM73

Malware Config

Extracted

Family

bumblebee

Botnet

0310

C2

rc4.plain

Targets

    • Target

      Invoice_5192_october_PDF.iso

    • Size

      3.1MB

    • MD5

      be78cdcec94c8840177f6ff4aee34308

    • SHA1

      affe6055e02f6810b5824f1f310a2a4eb19db1e4

    • SHA256

      17da2f6eafb65540a89058b0b285a34c9dad8772eeecca92dde03f9560b3e76d

    • SHA512

      71170b9638d4ef1a9294b071696c241691938e9e9b8c8be682eeb386cbbf96bcc91e910468e2c6a834e74a09c7f6eb20f15a0f3e1b7b5938ae3fd27c45ff7fdf

    • SSDEEP

      49152:mHUV3vWVjM+Ajfsa7w7O66nh3+fKsWxN5lqyMR3yxyMy96Tc7TB1wcSIllyFzxk1:UVIcdi33LV

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Target

      documents.lnk

    • Size

      1KB

    • MD5

      021d0df9835fec97fb0b9a0ac93ccaa1

    • SHA1

      6d7d2a1f0017c2caed6f69a77a8cbbd2d11aa0a8

    • SHA256

      20fab23051c67fd9ecc6f14ede135cf2a3b0bab2ef974f3e5fc89495dbf36a4d

    • SHA512

      b78dd8dc602899cc2d78dec64c987a1fe84ec6e696cef71985bdc6d926361226c0997ae778760c9939be4dc49a400417e1a6f262360e75be709c578b788c76bd

    Score
    3/10
    • Target

      refresheners/autobiographical.dat

    • Size

      2.7MB

    • MD5

      1f8a276f8c558eba60adee90f88821be

    • SHA1

      ff9cc5f3867b8a4418e96bdfeec628bf41110167

    • SHA256

      96c8e47f2ad4259caf4a0e1742debb694e43f582f0c945f588b312c2e24722f3

    • SHA512

      aa6ca4fae1ee694b061ffafa7ef95ae6c2511735b411236a4b8b3b39e3e9076015d7f895151e39503f414eeb71b4d177433ed84db03a12c20ed73f510b695861

    • SSDEEP

      49152:3HUV3vWVjM+Ajfsa7w7O66nh3+fKsWxN5lqyMR3yxyMy96Tc7TB1wcSIllyF:7VIcdi33LV

    Score
    3/10
    • Target

      refresheners/dispiritedlyComprehensible.vbs

    • Size

      233B

    • MD5

      01ac2201a89140821c50dddb9fd5a436

    • SHA1

      82985653fafbf8340e6334a5db824b25265cd1dc

    • SHA256

      2b500742fdaa603a9d4d41b43aa82ba2947b2d5976b0879fbc20b3b6b666d767

    • SHA512

      382dc6cb333c026a3d8b427b812ebe7c394c29da32d92c693637f618c9c74083b48cacba46a7734f4230b1cd3a08c4e96cb7d540b74d1abc9e29c8399feedd41

    Score
    3/10
    • Target

      refresheners/unthinkableIsthmus.cmd

    • Size

      64B

    • MD5

      e29a004525f8f44bce1ca1945a6760c0

    • SHA1

      c8b9e9c41671f8034d5ccd416b0989e179902a3f

    • SHA256

      cc7d471fb669e662886795b32068207bb33f4cc993329bcdec988df59c4838d0

    • SHA512

      842971f345ac563f5b4fb54ea7873276867db1191d6aa7d90217111a01b61b3471d867b617af929b29db9c3afca9964342328bbeee7c7acebbb73153ad64e92d

    Score
    1/10
