bumblebee | a54302b0bf056c65deb759122f71e757b11155d82e648f9e206dab91aab44bd4 | Triage

Submit
Reports

Overview

overview

Static

static

3

a54302b0bf...d4.dll

windows7-x64

a54302b0bf...d4.dll

windows10-2004-x64

Sharing

General

Target

a54302b0bf056c65deb759122f71e757b11155d82e648f9e206dab91aab44bd4
Size

2.6MB
Sample

240226-1vkvmahb47
MD5

39fb644929c57fb75aace407f429cb12
SHA1

f449e79493fcf15dc870466e2ea639d2cbcd8e14
SHA256

a54302b0bf056c65deb759122f71e757b11155d82e648f9e206dab91aab44bd4
SHA512

b32fbd9bc5a58a449199d11decbd1006571ccc849dfcc839477bc457f522fe9f2ca11f3d55ef31978ac0c5e0f811b6e339ecef4c64724b7cf4aedf8d524daade
SSDEEP

49152:K61vkm5V04xOerjOXpe6ZZ1S71F1Q6pn2OL4wC548J3Y5kU:K6Nkm5V04xOerjOXpe2Z1S71UgLq5JJ

Score

10^/10

bumblebee 25html evasion loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a54302b0bf056c65deb759122f71e757b11155d82e648f9e206dab91aab44bd4.dll

Resource

win7-20240221-en

bumblebee 25html evasion loader

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

a54302b0bf056c65deb759122f71e757b11155d82e648f9e206dab91aab44bd4.dll

Resource

win10v2004-20240226-en

bumblebee 25html evasion loader

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

bumblebee

Botnet

25html

C2

23.83.134.136:443

138.201.190.52:443

rc4.plain

Targets

- Target
  
  a54302b0bf056c65deb759122f71e757b11155d82e648f9e206dab91aab44bd4
- Size
  
  2.6MB
- MD5
  
  39fb644929c57fb75aace407f429cb12
- SHA1
  
  f449e79493fcf15dc870466e2ea639d2cbcd8e14
- SHA256
  
  a54302b0bf056c65deb759122f71e757b11155d82e648f9e206dab91aab44bd4
- SHA512
  
  b32fbd9bc5a58a449199d11decbd1006571ccc849dfcc839477bc457f522fe9f2ca11f3d55ef31978ac0c5e0f811b6e339ecef4c64724b7cf4aedf8d524daade
- SSDEEP
  
  49152:K61vkm5V04xOerjOXpe6ZZ1S71F1Q6pn2OL4wC548J3Y5kU:K6Nkm5V04xOerjOXpe2Z1S71UgLq5JJ
Score

10^/10

bumblebee 25html evasion loader
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Detects executables referencing many IR and analysis tools
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bumblebee25htmlevasionloader

behavioral2

bumblebee25htmlevasionloader

© 2018-2024

Terms | Privacy