General

  • Target

    bum.zip

  • Size

    2.2MB

  • Sample

    221006-tgnwsshgh9

  • MD5

    f903a94587b9abcad551cd735f03815d

  • SHA1

    8ae3d2f340032987bf9578783af4189d1cd8cf58

  • SHA256

    69f3491570b3f4000ec94ea16cc55b57f868c23997a975a87e2c0d4e6793c1f3

  • SHA512

    e51498d778c1ae44a4831abe27ce959c2184cba4decd793cb6808fa79396baf3efed87e070da17b9e7aba77cbe9163b7bdb1f02c484a77b9fe6f35a423fe4e90

  • SSDEEP

    49152:rSZaeYeTIK4klJ27R9/oINGUwuaK+eUkJO8Gdk6vifrFmN9C+kJjYld99S:rSQHK4kDGsINLXN9JOddk6vifryYMjjS

Malware Config

Extracted

  • Family

    bumblebee

  • Botnet

    0510

  • C2

    51.83.250.102:443

    150.125.181.52:443

    208.115.216.246:443

    192.119.77.44:443

  • rc4.plain

Targets

    • Target

      run.bat

    • Size

      71B

    • MD5

      6591003f2457cf895f742d17568406e8

    • SHA1

      932cb57597a6c1fd06a807300e0f1cea9f49b600

    • SHA256

      57ca398e9f0210ed459827c01ab10574626693873ae3e1ff6acf2f635caab2b2

    • SHA512

      10c0ab917cfe6f8432ab291a44eda0a0cf47a1800030fc40984a3d8e0955f0367625bb0288aa10ed341fd12f35dbd7b7b05b602aa7f22d10257c05fca17669a2

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks