bumblebee | 32d3c8a61ba7a61d1f7466a4a60f7b52bb9bb0e6d000418da5cce79831f55a8c | Triage

Submit
Reports

Overview

overview

Static

static

GfsFepFIKsNGpt.dll

windows10-2004-x64

Resubmissions

13-10-2022 01:21

221013-bqxk7aadg4 10

01-09-2022 11:01

220901-m4kdkacfcm 10

Sharing

General

Target

GfsFepFIKsNGpt.dll.exe
Size

1.7MB
Sample

221013-bqxk7aadg4
MD5

14da4c2df839237771865372ce4eee25
SHA1

5b0c15e551f989d1702478a50da3fac5bd3dff87
SHA256

32d3c8a61ba7a61d1f7466a4a60f7b52bb9bb0e6d000418da5cce79831f55a8c
SHA512

dd480f58734d0b5d1b53af599ca665422b1268263bceccd12b9103d95a4554b7b4b781af18eafefc3ba5713ad4cd18ba1513046bad10e7126894bca2761ece17
SSDEEP

49152:7mWxtD5wWHxLrApxq7pMKEngsfyJllGVeTQKP7:7vxtD66xLrsxIpMKEngsfyJllGVeTQKD

Score

10^/10

bumblebee 3108 evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

GfsFepFIKsNGpt.dll

Resource

win10v2004-20220812-en

bumblebee 3108 evasion persistence trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

bumblebee

Botnet

3108

C2

64.44.102.36:443

51.83.249.204:443

146.70.106.163:443

rc4.plain

Targets

- Target
  
  GfsFepFIKsNGpt.dll.exe
- Size
  
  1.7MB
- MD5
  
  14da4c2df839237771865372ce4eee25
- SHA1
  
  5b0c15e551f989d1702478a50da3fac5bd3dff87
- SHA256
  
  32d3c8a61ba7a61d1f7466a4a60f7b52bb9bb0e6d000418da5cce79831f55a8c
- SHA512
  
  dd480f58734d0b5d1b53af599ca665422b1268263bceccd12b9103d95a4554b7b4b781af18eafefc3ba5713ad4cd18ba1513046bad10e7126894bca2761ece17
- SSDEEP
  
  49152:7mWxtD5wWHxLrApxq7pMKEngsfyJllGVeTQKP7:7vxtD66xLrsxIpMKEngsfyJllGVeTQKD
Score

10^/10

bumblebee 3108 evasion persistence trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Modifies Installed Components in the registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee3108evasionpersistencetrojan

© 2018-2025

Terms | Privacy