General

  • Target

    bum.zip

  • Size

    2.2MB

  • Sample

    221006-knb15sggb8

  • MD5

    d5e0431ab359e5c7ac4815aa89149baa

  • SHA1

    69fcd8049d1c6b4153db99ad8a3d31889de623ec

  • SHA256

    83b4e47778f67b87714f0f7f3071b72e88582cfb324b6d5ca031213311ad6ae2

  • SHA512

    d1f2740f3c262cd5b2ae9360f1ecb8c172a0767716946b70e3ca851fb86a150c1c3bae2e8066edcf688e459793b59e0957294427a000c5eebc61b2a4beefb9f4

  • SSDEEP

    49152:OoF1x9TNdS1CnijfZ8PmuWBRKplgJzrgzcT65FHCO3lNe7+B0:j1xfdS1SMSPmuGAlgJXgzcKCeo7H

Malware Config

Extracted

  • Family

    bumblebee

  • Botnet

    0510

  • C2

    51.83.250.102:443

    150.125.181.52:443

    208.115.216.246:443

    192.119.77.44:443

  • rc4.plain

Targets

    • Target

      run.bat

    • Size

      67B

    • MD5

      88b70022e95f95d40d0db15dfa5645fe

    • SHA1

      b115f63938e89369cb3559ab15a963402a656213

    • SHA256

      09243b605fb44265e2bd7251ef929986509930171e7bbb7835773ea819342259

    • SHA512

      6c8bf631171a91f23f9c237fc8ff5291d13a5f21a29a8332ea83304760ce86beddbdac1396f0467901a4fc1db9ace1517c2b5d1cd65604e1f944602402ba5b91

    • BumbleBee

      BumbleBee is webshell malware written in C++.

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks