General

  • Target

    archive.zip

  • Size

    2.2MB

  • Sample

    221006-x1d3gsacf9

  • MD5

    d6b39479f866124ad65d01fe2af4bd42

  • SHA1

    7313f4e49deea8c1aae604a1ad52544226a262c1

  • SHA256

    f0fcd5ac8a1d9b9a20f29067fdc35655c5cae9c5f93c349ada658937bf280957

  • SHA512

    48cd0d112b835767acb945c1037969ac56f71182492b2ecc19c2fa5b64f58fbc257c76a3e85bc448c60d989bc95a2dd761c8d2efcd4dae520682df32176db8f5

  • SSDEEP

    49152:WUmoS9VjrEQ/L16jF2TDvADVzKiv+DAifElMah3dkMpRlXft2:CoyV9BWCIgrfbah3dkMlft2

Malware Config

Extracted

Family

bumblebee

Botnet

0510

C2

51.83.250.102:443

150.125.181.52:443

208.115.216.246:443

192.119.77.44:443

rc4.plain

Targets

    • Target

      RunDLL-1.bat

    • Size

      38B

    • MD5

      0eae2d10e50f41f835e0a936d51aeecb

    • SHA1

      659fa2dd0c9595495bb2cfbe84b7377bf3f9dff4

    • SHA256

      97bf1020a4db537f06ee1f753b30ffae973fccec68171105e015a3b3f9eef694

    • SHA512

      b23e4d177c9821d6ac9420113c62b9e7f4490c3f96c69971ec328b46956510a7b2eb6d2a8192fc6680487d90bc992be6db7d65a52ca9d00f0c66b9850bb14dc1

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Target

      commissioning.dat

    • Size

      3.7MB

    • MD5

      170c7ca255d7ce77e23498933df31cd2

    • SHA1

      093923c688c1d6d4bf9d9c781fa64751dcf621d4

    • SHA256

      00d6a7b3e55650edd7a9470e6ceb20f8dab0bf86e6c315bacdcb5507dd935619

    • SHA512

      7becad96463491f51e9715752fdd572eef640665c3171b897d5157fe079fd482a4f551f0e8c04107aa07eb98914f0bae45379c2301361bee3560ed997c16ebfa

    • SSDEEP

      49152:cup4HuD5bdkpbMRK4M8Z0YU8aOPFQ5OdFPEZ:ci4OFdOMRK4nKYU8PFp

    Score
    3/10

MITRE ATT&CK Enterprise v6

Tasks