Overview

overview

10

Static

static

run.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bum.zip

  • Size

    2.1MB

  • Sample

    221006-wrhtmsabb9

  • MD5

    90021077b3f82a39b4ee5755137ababe

  • SHA1

    13f515cf1b5171b82152e5c8973ddf3b09d85d4b

  • SHA256

    5e4f8119391d3d00a1de7b8374c25e9e943b3a41e226b41abe4bd0e86356160d

  • SHA512

    c2a4d2d17c2a5bea25f71347f6b169abe2023f87680a12f4261540909f9ef1e5a5272cab3a2632443ca78a968105e77fb7b736d317e8ae727bced6e78575b2ea

  • SSDEEP

    49152:R9T2LRN+eG2KtT8QvyyyCgLM+FNWk9savVpPTEKLq5Eu:TQYeqKC1+FjfbPTdcD

Score
10/10
bumblebee0610evasiontrojan

Malware Config

Extracted

Family

bumblebee

Botnet

0610

C2

45.147.231.156:443

208.115.216.246:443

23.29.115.164:443

45.61.186.18:443

51.83.250.102:443

192.119.77.44:443
rc4.plain

Targets

    • Target

      run.bat

    • Size

      70B

    • MD5

      e08d2741b47c394f4866db651f977f9a

    • SHA1

      84a5da4c4f57c2361ab1ec301ef017c83b9faf43

    • SHA256

      50051db5b2341c24960e5ae3287ec05d6ccf48164c915768d20943d8f6d95b68

    • SHA512

      e89f14f12bca8cb2a71df4973aa3414630ba717aa7214d1d9cd5504a5c34c26f4d8b46df2cd3572f152e5bf5de97b2b55d8fc5f9ece33f750654e36b45fed685

    Score
    10/10
    bumblebee0610evasiontrojan

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

      trojanbumblebee

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks