bumblebee | 60ae476aec1a3f6616e0c7895dc315760645d0b576acfc3d37737f82e6fbd48a | Triage

Sharing

General

Target

Archive.zip
Size

2.2MB
Sample

221006-vbrwyahhh2
MD5

092888dcd0e933d0d6fb6029b9a52679
SHA1

7d8f07a5b3ab2dedec326b051f8c85e16b1aa597
SHA256

60ae476aec1a3f6616e0c7895dc315760645d0b576acfc3d37737f82e6fbd48a
SHA512

4fa1bb31df43650de5fbcb837ba7ef24af2eb30d39db8178ca2a5068ce813c20fde7b91b7980e01f798fa235c90a71e24fb0136246de7e0c5171c46e09e1f30b
SSDEEP

49152:0PhEwVqlansnCBESitC9/xpr5qyvWoHj7zkKFteYiBLzbmXOMv:8hlnlAc9/br5d1TSVLzDMv

Score

10^/10

bumblebee 0510 evasion trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0510

C2

51.83.250.102:443

150.125.181.52:443

208.115.216.246:443

192.119.77.44:443

rc4.plain

Targets

- Target
  
  RunDLL-1.bat
- Size
  
  37B
- MD5
  
  7a90cce379f52ea107d00fa548e39018
- SHA1
  
  33438af9a7c7e8d10e4028dcbd772c168298c3a2
- SHA256
  
  608727a7e3ae8591377a6966d2d15f087dd13a5b4668b8d814a8e09b540f4bc3
- SHA512
  
  2a3082e6b1441393a3515612d844ca50204c551453fdd6da46d05cefdb425571d9d58005ac0eb64032e55b5ed4778beca4be885ac34091f85d50c585e0e9f0b6
Score

10^/10

bumblebee 0510 evasion trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  overpowering.dat
- Size
  
  3.7MB
- MD5
  
  350102fdb77e5a8486717169d2b95b37
- SHA1
  
  34208084563bc9073936858f2a0b324fe108c931
- SHA256
  
  a3cae87217bc4cfbcc72a6b02b086c85cdb435064c277b36e76a172998f9adb8
- SHA512
  
  95951f0e1f376996c7e1dba9533e64446a9b915e104740a61de66a214e7b1c00c85bf0b437187df44e2aae44d7a361fe27ad3e6b8dccf7667a56892850a624bc
- SSDEEP
  
  24576:/zZvRKkaaoBioEixeKVS0HtSgQa4YDBqxP+XfglvQkTzW0jyTj1IERp1MlF8eZgy:/Nv4Ty2t/Qa4YWcfeqvmIo1bjLJeQ9p
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee0510evasiontrojan

behavioral2

behavioral3

behavioral4