Overview

overview

10

Static

static

3

a54302b0bf...d4.dll

windows7-x64

10

a54302b0bf...d4.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    26-02-2024 21:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a54302b0bf056c65deb759122f71e757b11155d82e648f9e206dab91aab44bd4.dll

  • Size

    2.6MB

  • MD5

    39fb644929c57fb75aace407f429cb12

  • SHA1

    f449e79493fcf15dc870466e2ea639d2cbcd8e14

  • SHA256

    a54302b0bf056c65deb759122f71e757b11155d82e648f9e206dab91aab44bd4

  • SHA512

    b32fbd9bc5a58a449199d11decbd1006571ccc849dfcc839477bc457f522fe9f2ca11f3d55ef31978ac0c5e0f811b6e339ecef4c64724b7cf4aedf8d524daade

  • SSDEEP

    49152:K61vkm5V04xOerjOXpe6ZZ1S71F1Q6pn2OL4wC548J3Y5kU:K6Nkm5V04xOerjOXpe2Z1S71UgLq5JJ

Score
10/10
bumblebee25htmlevasionloader

Malware Config

Extracted

Family

bumblebee

Botnet

25html

C2

23.83.134.136:443

138.201.190.52:443
rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a loader malware written in C++.

    loaderbumblebee
  • Detects executables referencing many IR and analysis tools 3 IoCs
  • Enumerates VirtualBox registry keys 2 TTPs 5 IoCs
    evasion
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 3 IoCs
    evasion
  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 3 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

    Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

  • Suspicious behavior: EnumeratesProcesses 41 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a54302b0bf056c65deb759122f71e757b11155d82e648f9e206dab91aab44bd4.dll,#1
    1⤵
    • Enumerates VirtualBox registry keys
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Looks for VirtualBox Guest Additions in registry
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Checks for VirtualBox DLLs, possible anti-VM trick
    • Suspicious behavior: EnumeratesProcesses
    PID:2892

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2892-3-0x0000000077140000-0x00000000772E9000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2892-2-0x0000000001F90000-0x00000000021DB000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2892-1-0x0000000077140000-0x00000000772E9000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2892-0-0x0000000001F90000-0x00000000021DB000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2892-4-0x0000000077140000-0x00000000772E9000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2892-5-0x0000000077140000-0x00000000772E9000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2892-6-0x0000000077140000-0x00000000772E9000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2892-7-0x0000000077140000-0x00000000772E9000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2892-8-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2892-9-0x0000000001F90000-0x00000000021DB000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2892-10-0x0000000077140000-0x00000000772E9000-memory.dmp

    Filesize

    1.7MB

    Download