Overview

overview

10

Static

static

3

af5af36999...7d.dll

windows7-x64

10

af5af36999...7d.dll

windows10-2004-x64

10

Resubmissions

17-01-2024 08:56

240117-kwdvpschf8 10

22-11-2023 17:28

231122-v11v5sdh45 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    af5af36999fcc71cf7e93bbe64bb6299509dde3e40c5b78978ee3cd5b5ddda7d

  • Size

    2.1MB

  • Sample

    231122-v11v5sdh45

  • MD5

    bda498a62a5b68b5c8221807723d97cb

  • SHA1

    f5383697baf1a1433fe5dc948c842c55af84f949

  • SHA256

    af5af36999fcc71cf7e93bbe64bb6299509dde3e40c5b78978ee3cd5b5ddda7d

  • SHA512

    bb8e300ba275bc982252fb60503ac453a663f2f1b4a4803dace2226fc2b19cb43fa630fec1a7c7b67667bce014f9534ab855a3d1cb112c37dcd080ce40c01823

  • SSDEEP

    24576:BsuWJHq2ZaUp3ZWSH1YuAB8EqU+7nm1CJDKL75F1ZuPZfSpNRuXDsY22G9KPzmkX:KpHqxAZRrA8XSIb7GtY

Score
10/10
bumblebeef1evasionloader

Malware Config

Extracted

Family

bumblebee

Botnet

f1

Attributes
  • dga

    n64c2akw.life

    zefawfb0.life

    dph3pby8.life

    hx0hysyg.life

    1qa3k743.life

    luw8ubf2.life

    rbvsf6io.life

    4huoqrsp.life

    8qwcvseh.life

    37zi55wc.life

    i9f44mju.life

    aqnx9c9h.life

    3nmeg5wa.life

    r5ue5rok.life

    et53yjoc.life

    tvgco82h.life

    0xtmu3tz.life

    6xhpschv.life

    6o26tws0.life

    0oz7923s.life

    54y2q50j.life

    9hh7hq5r.life

    r0ca080m.life

    43vtghfz.life

    qal55els.life

    p5e68m36.life

    x698iah6.life

    kqn0zkig.life

    wq6w8jkq.life

    i6n08gx7.life

  • dga_seed

    anjd78ka

  • domain_length

    8

  • num_dga_domains

    100

  • port

    443

rc4.plain

Targets

    • Target

      af5af36999fcc71cf7e93bbe64bb6299509dde3e40c5b78978ee3cd5b5ddda7d

    • Size

      2.1MB

    • MD5

      bda498a62a5b68b5c8221807723d97cb

    • SHA1

      f5383697baf1a1433fe5dc948c842c55af84f949

    • SHA256

      af5af36999fcc71cf7e93bbe64bb6299509dde3e40c5b78978ee3cd5b5ddda7d

    • SHA512

      bb8e300ba275bc982252fb60503ac453a663f2f1b4a4803dace2226fc2b19cb43fa630fec1a7c7b67667bce014f9534ab855a3d1cb112c37dcd080ce40c01823

    • SSDEEP

      24576:BsuWJHq2ZaUp3ZWSH1YuAB8EqU+7nm1CJDKL75F1ZuPZfSpNRuXDsY22G9KPzmkX:KpHqxAZRrA8XSIb7GtY

    Score
    10/10
    bumblebeef1loaderevasion

    • BumbleBee

      BumbleBee is a loader malware written in C++.

      loaderbumblebee

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks