bumblebee | a035499bec49b0cc817c1b28c54c3e54bf32da37ead102ddcecc774b78f787cc | Triage

Submit
Reports

Overview

overview

Static

static

Invoice_10...DF.iso

windows10-2004-x64

Resubmissions

08-10-2022 17:42

221008-v99veafbb9 10

08-10-2022 17:07

221008-vmz2pafae6 0

Sharing

General

Target

Invoice_10-05_order_243_PDF.iso
Size

5.1MB
Sample

221008-v99veafbb9
MD5

7ac101af437a95d3c807b700cea04b5c
SHA1

fd13343f8385faf32457f68759f53d64933e08f3
SHA256

a035499bec49b0cc817c1b28c54c3e54bf32da37ead102ddcecc774b78f787cc
SHA512

c4ccfb59ce8e7e4ddc7e220e54775ea6132f1f471c7caefecae58bac4113ca77918aa4a65d782503c7f1c76a619a9bec5394a999f0bb6fd69b3feb6a36c12c01
SSDEEP

49152:2i85Zvppa5zh0ldtkedFfzgoOxP0Jh44m:Fao9h6diYhaxP0Jh44m

Score

10^/10

bumblebee 0510 evasion trojan

Static task

static1

Behavioral task

behavioral1

Sample

Invoice_10-05_order_243_PDF.iso

Resource

win10v2004-20220812-en

bumblebee 0510 evasion trojan

windows10-2004-x64

14 signatures

300 seconds

Malware Config

Extracted

Family

bumblebee

Botnet

0510

C2

51.83.250.102:443

150.125.181.52:443

208.115.216.246:443

192.119.77.44:443

rc4.plain

Targets

- Target
  
  Invoice_10-05_order_243_PDF.iso
- Size
  
  5.1MB
- MD5
  
  7ac101af437a95d3c807b700cea04b5c
- SHA1
  
  fd13343f8385faf32457f68759f53d64933e08f3
- SHA256
  
  a035499bec49b0cc817c1b28c54c3e54bf32da37ead102ddcecc774b78f787cc
- SHA512
  
  c4ccfb59ce8e7e4ddc7e220e54775ea6132f1f471c7caefecae58bac4113ca77918aa4a65d782503c7f1c76a619a9bec5394a999f0bb6fd69b3feb6a36c12c01
- SSDEEP
  
  49152:2i85Zvppa5zh0ldtkedFfzgoOxP0Jh44m:Fao9h6diYhaxP0Jh44m
Score

10^/10

bumblebee 0510 evasion trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee0510evasiontrojan

© 2018-2025

Terms | Privacy