bumblebee

General

Target

a54302b0bf056c65deb759122f71e757b11155d82e648f9e206dab91aab44bd4
Size

2.6MB
Sample

240226-1vkvmahb47
MD5

39fb644929c57fb75aace407f429cb12
SHA1

f449e79493fcf15dc870466e2ea639d2cbcd8e14
SHA256

a54302b0bf056c65deb759122f71e757b11155d82e648f9e206dab91aab44bd4
SHA512

b32fbd9bc5a58a449199d11decbd1006571ccc849dfcc839477bc457f522fe9f2ca11f3d55ef31978ac0c5e0f811b6e339ecef4c64724b7cf4aedf8d524daade
SSDEEP

49152:K61vkm5V04xOerjOXpe6ZZ1S71F1Q6pn2OL4wC548J3Y5kU:K6Nkm5V04xOerjOXpe2Z1S71UgLq5JJ

Score

10^/10

Malware Config

Extracted

Family

bumblebee

Botnet

25html

C2

23.83.134.136:443

138.201.190.52:443

rc4.plain

Targets

- Target
  
  a54302b0bf056c65deb759122f71e757b11155d82e648f9e206dab91aab44bd4
- Size
  
  2.6MB
- MD5
  
  39fb644929c57fb75aace407f429cb12
- SHA1
  
  f449e79493fcf15dc870466e2ea639d2cbcd8e14
- SHA256
  
  a54302b0bf056c65deb759122f71e757b11155d82e648f9e206dab91aab44bd4
- SHA512
  
  b32fbd9bc5a58a449199d11decbd1006571ccc849dfcc839477bc457f522fe9f2ca11f3d55ef31978ac0c5e0f811b6e339ecef4c64724b7cf4aedf8d524daade
- SSDEEP
  
  49152:K61vkm5V04xOerjOXpe6ZZ1S71F1Q6pn2OL4wC548J3Y5kU:K6Nkm5V04xOerjOXpe2Z1S71UgLq5JJ
Score

10^/10

bumblebee 25html evasion loader
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Detects executables referencing many IR and analysis tools
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

4

T1497

Credential Access

Discovery

Query Registry

5

T1012

System Information Discovery

2

T1082

Virtualization/Sandbox Evasion

4

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects executables referencing many IR and analysis tools

Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VirtualBox Guest Additions in registry

Blocklisted process makes network request

Checks BIOS information in registry

Identifies Wine through registry keys

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2