General

  • Target

    f3077783bce02e545a2f915eab33d79b31dabbc65e7fe84ad96a7d09c72243e0

  • Size

    1.6MB

  • Sample

    230417-h4gv8afa3t

  • MD5

    4a09529deba419d71f85353c559063b7

  • SHA1

    6d9118bd78d25265128eeb17459489055d4ea45e

  • SHA256

    f3077783bce02e545a2f915eab33d79b31dabbc65e7fe84ad96a7d09c72243e0

  • SHA512

    74c6ed5f73d51d3cef6678ded90eb744bec50b1e5274f9a36eb1e0732b25fd452189f6edfa728140a6571b1b4cd15a66df87696226c19ccf153d5a721904801f

  • SSDEEP

    24576:U2GyDOoFZaFJbbM3kAXS1LvO4BYT7JIoXUnMgQ67zOLsK2ov9:U2RDFZYNgkAXS1646bXaML6uhv

Malware Config

Extracted

Family

bumblebee

Botnet

206r

C2

145.239.30.26:443

194.37.97.135:443

185.62.58.238:443

176.107.177.124:443

192.236.160.254:443

192.236.192.85:443

185.62.56.201:443

103.175.16.59:443

198.98.57.91:443

154.56.0.221:443

64.44.101.250:443

103.175.16.117:443

63.141.248.253:443

192.236.194.136:443

193.239.84.247:443

192.236.161.191:443

185.156.172.123:443

54.38.136.187:443

64.44.102.6:443

192.119.64.21:443

rc4.plain
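The twenty C2 endpoints above are the most immediately actionable part of the extracted config. As an added example (not part of the sandbox report), the Python below turns that list into two things a SOC can use: a matcher that scans firewall or proxy log lines for connections to any listed ip:port pair, and a Suricata rule per destination port. The log line format, the sample lines and the rule sids are assumptions made for the example; the addresses are copied verbatim from the config.

```python
"""Turn the extracted Bumblebee C2 list into network detections and check sample logs."""
import ipaddress
import re
from collections import defaultdict

# C2 endpoints copied from the extracted config (botnet "206r").
BUMBLEBEE_C2 = [
    "145.239.30.26:443", "194.37.97.135:443", "185.62.58.238:443",
    "176.107.177.124:443", "192.236.160.254:443", "192.236.192.85:443",
    "185.62.56.201:443", "103.175.16.59:443", "198.98.57.91:443",
    "154.56.0.221:443", "64.44.101.250:443", "103.175.16.117:443",
    "63.141.248.253:443", "192.236.194.136:443", "193.239.84.247:443",
    "192.236.161.191:443", "185.156.172.123:443", "54.38.136.187:443",
    "64.44.102.6:443", "192.119.64.21:443",
]


def parse_endpoint(endpoint):
    """'ip:port' -> (ip_address, port); raises ValueError on a malformed entry."""
    host, port = endpoint.rsplit(":", 1)
    return ipaddress.ip_address(host), int(port)


C2_SET = {parse_endpoint(e) for e in BUMBLEBEE_C2}

# Constructed log lines (assumed format, not from the report):
# "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
SAMPLE_LOG = """\
2023-04-17T09:12:01Z 10.0.4.22:51822 -> 142.250.74.46:443 tcp
2023-04-17T09:12:09Z 10.0.4.22:51830 -> 145.239.30.26:443 tcp
2023-04-17T09:12:09Z 10.0.4.22:51831 -> 145.239.30.26:80 tcp
2023-04-17T09:13:41Z 10.0.4.37:49700 -> 64.44.102.6:443 tcp
garbage line that does not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[^:\s]+):(?P<sport>\d+)\s+->\s+(?P<dst>[^:\s]+):(?P<dport>\d+)"
)


def find_c2_hits(log_text, c2=C2_SET):
    """Return (timestamp, src_ip, dst_ip, dst_port) for every line whose destination
    ip:port pair is in the C2 set. The port is part of the match on purpose: the same
    host contacted on another port is not evidence of this config."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped, never treated as hits
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue
        if (dst, int(m["dport"])) in c2:
            hits.append((m["ts"], m["src"], str(dst), int(m["dport"])))
    return hits


def suricata_rules(c2=BUMBLEBEE_C2, base_sid=1000001):
    """One Suricata rule per destination port, listing that port's C2 addresses.
    The sid values are local example numbers, not from any published ruleset."""
    by_port = defaultdict(set)
    for ep in c2:
        ip, port = parse_endpoint(ep)
        by_port[port].add(str(ip))
    rules = []
    for i, port in enumerate(sorted(by_port)):
        addrs = ",".join(sorted(by_port[port], key=ipaddress.ip_address))
        rules.append(
            f'alert tcp $HOME_NET any -> [{addrs}] {port} '
            f'(msg:"Bumblebee C2 (botnet 206r) traffic"; '
            f'flow:to_server; sid:{base_sid + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG):
        print("C2 contact:", hit)
    print("\n".join(suricata_rules()))
```

Two caveats when using this: every endpoint is on 443, so without TLS interception the only network-level signal is the destination pair itself, and Bumblebee infrastructure rotates quickly, so an old list produces silence rather than false negatives you can see. Corroborate a hit with the host-side signatures listed below and treat a shared-hosting address on 443 as a lead, not a verdict.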

Targets

    • Target

      f3077783bce02e545a2f915eab33d79b31dabbc65e7fe84ad96a7d09c72243e0

    • Size

      1.6MB

    • MD5

      4a09529deba419d71f85353c559063b7

    • SHA1

      6d9118bd78d25265128eeb17459489055d4ea45e

    • SHA256

      f3077783bce02e545a2f915eab33d79b31dabbc65e7fe84ad96a7d09c72243e0

    • SHA512

      74c6ed5f73d51d3cef6678ded90eb744bec50b1e5274f9a36eb1e0732b25fd452189f6edfa728140a6571b1b4cd15a66df87696226c19ccf153d5a721904801f

    • SSDEEP

      24576:U2GyDOoFZaFJbbM3kAXS1LvO4BYT7JIoXUnMgQ67zOLsK2ov9:U2RDFZYNgkAXS1646bXaML6uhv

    • BumbleBee

      BumbleBee is a malware loader written in C++, used to deliver follow-on payloads to a compromised host.

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Blocklisted process makes network request

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
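The four environment checks flagged above (VirtualBox registry keys, ACPI values, Guest Additions, BIOS strings, Wine keys) are the same ones an analyst should run against their own sandbox to see what it exposes. The following Python is an added example, not code from the report or from the Bumblebee sample: it audits a host for those artefact classes. The report names only the categories; the concrete registry paths and value names below are the well-known locations such checks read and are this example's assumption, and the two registry snapshots are constructed so the audit runs offline. On a Windows host the `WinregReader` reads the live registry instead.

```python
"""Audit a host for the VirtualBox / BIOS / Wine registry artefacts the sample checks for."""
import sys

# (hive, key path, label): keys whose mere presence marks a VirtualBox guest or Wine.
# Paths are the well-known locations for these checks (assumed, not taken from the report).
PRESENCE_CHECKS = [
    ("HKLM", r"SOFTWARE\Oracle\VirtualBox Guest Additions", "VirtualBox Guest Additions"),
    ("HKLM", r"HARDWARE\ACPI\DSDT\VBOX__", "VirtualBox ACPI DSDT table"),
    ("HKLM", r"HARDWARE\ACPI\FADT\VBOX__", "VirtualBox ACPI FADT table"),
    ("HKLM", r"HARDWARE\ACPI\RSDT\VBOX__", "VirtualBox ACPI RSDT table"),
    ("HKCU", r"Software\Wine", "Wine"),
    ("HKLM", r"Software\Wine", "Wine"),
]

# (hive, key path, value name, vendor strings): BIOS values searched for VM vendor strings.
VALUE_CHECKS = [
    ("HKLM", r"HARDWARE\DESCRIPTION\System", "SystemBiosVersion", ("VBOX", "VIRTUALBOX")),
    ("HKLM", r"HARDWARE\DESCRIPTION\System", "VideoBiosVersion", ("VBOX", "VIRTUALBOX")),
]


class SnapshotReader:
    """Registry view built from a dict {(hive, path): {value_name: data}}; case-insensitive."""

    def __init__(self, snapshot):
        self.snapshot = {
            (hive, path.lower()): {k.lower(): v for k, v in values.items()}
            for (hive, path), values in snapshot.items()
        }

    def key_exists(self, hive, path):
        return (hive, path.lower()) in self.snapshot

    def read_value(self, hive, path, name):
        return self.snapshot.get((hive, path.lower()), {}).get(name.lower())


class WinregReader:
    """Live registry on Windows; only importable there, so it is constructed lazily."""

    def __init__(self):
        import winreg
        self.winreg = winreg
        self.hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}

    def key_exists(self, hive, path):
        try:
            self.winreg.CloseKey(self.winreg.OpenKey(self.hives[hive], path))
            return True
        except OSError:
            return False

    def read_value(self, hive, path, name):
        try:
            with self.winreg.OpenKey(self.hives[hive], path) as key:
                data, _ = self.winreg.QueryValueEx(key, name)
                return data
        except OSError:
            return None


def _as_strings(data):
    """REG_MULTI_SZ comes back as a list; normalise every value to a list of strings."""
    if data is None:
        return []
    if isinstance(data, (list, tuple)):
        return [str(x) for x in data]
    return [str(data)]


def audit(reader):
    """Return one finding string per artefact the sample's checks would trip on."""
    findings = []
    for hive, path, label in PRESENCE_CHECKS:
        if reader.key_exists(hive, path):
            findings.append(f"{label}: key {hive}\\{path} present")
    for hive, path, name, needles in VALUE_CHECKS:
        for s in _as_strings(reader.read_value(hive, path, name)):
            if any(n in s.upper() for n in needles):
                findings.append(f"BIOS string: {hive}\\{path}\\{name} = {s!r}")
                break
    return findings


# Constructed snapshots (not captured from any real machine).
VBOX_GUEST = {
    ("HKLM", r"SOFTWARE\Oracle\VirtualBox Guest Additions"): {"Version": "6.1.0"},
    ("HKLM", r"HARDWARE\ACPI\DSDT\VBOX__"): {},
    ("HKLM", r"HARDWARE\DESCRIPTION\System"): {
        "SystemBiosVersion": ["VBOX   - 1"],
        "VideoBiosVersion": ["Oracle VM VirtualBox Version 6.1.0"],
    },
}
BARE_METAL = {
    ("HKLM", r"HARDWARE\DESCRIPTION\System"): {"SystemBiosVersion": ["LENOVO - 1"]},
}

if __name__ == "__main__":
    reader = WinregReader() if sys.platform == "win32" else SnapshotReader(VBOX_GUEST)
    for finding in audit(reader) or ["no VM/Wine artefacts found"]:
        print(finding)
```

A clean result from this script means only that the sandbox does not expose these particular artefacts; the sample also consults other sources (the "Blocklisted process" signature is a separate check), so hardening a VM is a matter of removing or renaming every artefact class the report lists, then re-running the sample to confirm it proceeds to the network stage.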

MITRE ATT&CK Enterprise v6

Tasks