Overview

overview

10

Static

static

New Folder.lnk

windows7-x64

10

New Folder.lnk

windows10-2004-x64

10

desk.dll

windows7-x64

10

desk.dll

windows10-2004-x64

10

Resubmissions

11-11-2022 08:08

221111-j1y6rscebm 10

12-05-2022 21:09

220512-zzj88aabg5 10

11-05-2022 17:34

220511-v5d7yahaan 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Wolseley IG project_details02.iso

  • Size

    1.2MB

  • Sample

    221111-j1y6rscebm

  • MD5

    81f790dea35027f8e963d46fa7a0f42e

  • SHA1

    72d2dd08c371b91a4aa20f582b7cfb4bab60ae75

  • SHA256

    0d740a348362171814cb314a48d763e336407904a36fa278eaf390c5743ec33b

  • SHA512

    3977964d0fb9bddaf66726e41e734e552616e159b12cc05e1154adeef1f1fdfb2159c96cc34b6a00be78eee659d6b5837003a14b4f451a7cf6037a0bd785422f

  • SSDEEP

    24576:PSjYvwTRvpA44SNKeysw9VJFtyzDf5WF313pyLS9cUGt2Z8gUHc43Zx:PSjY4TRvyem9VJFAXM7pGDRt2ZxTqZx

Score
10/10
bumblebee1105aevasiontrojan

Malware Config

Extracted

Family

bumblebee

Botnet

1105a

C2

142.11.222.79:443

23.254.224.200:443

103.175.16.52:443

199.195.252.30:443
rc4.plain

Targets

    • Target

      New Folder.lnk

    • Size

      1KB

    • MD5

      f40f57579623acd5c105e59e23d25572

    • SHA1

      84b7fd207f04b59a1bad3287db7c75415c53a60d

    • SHA256

      83bbe84835486fc58812b378e3a149873c1d2404e8ba402dbbbefa48f6a18fd5

    • SHA512

      8bcd116fc97dbdb8a143eff16bbfd2e4ee1f10645da694a5bad05c4f7c9ed7e5a70908e764ab09b2011cee545a0a1fc934403e44c44f50edfbf028b383618c1c

    Score
    10/10
    bumblebee1105aevasiontrojan

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

      trojanbumblebee

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion
    behavioral1behavioral2

    • Target

      desk.dll

    • Size

      1.2MB

    • MD5

      b07d064220b48ac3b110e6ebe1e4f542

    • SHA1

      c3bb172894a4e0e1ecc93fcd1bd78450ab4ca195

    • SHA256

      25ccf19af5dac51ec76ce6da1d2958d5dee34e50e78938b187b627f8771317d1

    • SHA512

      d169d11b492e465e31fa98e4b185a2161e1ff739757f7e139f9c63605af3d9a15813a538801d569f75de02de26a243dd40b7d46d074ffda445dd70c1860e1c74

    • SSDEEP

      24576:dSjYvwTRvpA44SNKeysw9VJFtyzDf5WF313pyLS9cUGt2Z8gUHc43Zx:dSjY4TRvyem9VJFAXM7pGDRt2ZxTqZx

    Score
    10/10
    bumblebee1105aevasiontrojan

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

      trojanbumblebee

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion
    behavioral3behavioral4

MITRE ATT&CK Enterprise v6

Tasks