bumblebee | e81f4b65fb98623c6be24865728e0e894403738cd4413d372da32fcfe3c6a1f5 | Triage

Submit
Reports

Overview

overview

Static

static

e81f4b65fb...f5.iso

windows10-2004-x64

Sharing

General

Target

e81f4b65fb98623c6be24865728e0e894403738cd4413d372da32fcfe3c6a1f5
Size

3.2MB
Sample

221027-sb3bkacehk
MD5

2d10e35ba9ba3cba78d59a276708efae
SHA1

17500c2931c8a1398c7a303fb4a11ce92b07b148
SHA256

e81f4b65fb98623c6be24865728e0e894403738cd4413d372da32fcfe3c6a1f5
SHA512

7319045bd51600bf5dbbdd275943358e67ae5ea4925d39eab5a2a8f5eadd903302bf91cf37b7d37e673db00ac057cc07e13799185f862f3ebffc0de7f20c3351
SSDEEP

49152:fWsNTq3iNJhyavhqaUq5AXWm9KhyyLrgbOww:fW

Score

10^/10

bumblebee 2510 evasion trojan

Static task

static1

Behavioral task

behavioral1

Sample

e81f4b65fb98623c6be24865728e0e894403738cd4413d372da32fcfe3c6a1f5.iso

Resource

win10v2004-20220812-en

bumblebee 2510 evasion trojan

windows10-2004-x64

19 signatures

300 seconds

Malware Config

Extracted

Family

bumblebee

Botnet

2510

C2

69.46.15.158:443

135.125.241.35:443

172.86.120.141:443

rc4.plain

Targets

- Target
  
  e81f4b65fb98623c6be24865728e0e894403738cd4413d372da32fcfe3c6a1f5
- Size
  
  3.2MB
- MD5
  
  2d10e35ba9ba3cba78d59a276708efae
- SHA1
  
  17500c2931c8a1398c7a303fb4a11ce92b07b148
- SHA256
  
  e81f4b65fb98623c6be24865728e0e894403738cd4413d372da32fcfe3c6a1f5
- SHA512
  
  7319045bd51600bf5dbbdd275943358e67ae5ea4925d39eab5a2a8f5eadd903302bf91cf37b7d37e673db00ac057cc07e13799185f862f3ebffc0de7f20c3351
- SSDEEP
  
  49152:fWsNTq3iNJhyavhqaUq5AXWm9KhyyLrgbOww:fW
Score

10^/10

bumblebee 2510 evasion trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee2510evasiontrojan

© 2018-2025

Terms | Privacy