bumblebee

General

Target

3463f026ce1c325931e285b587b82f7f690db2e75929c7edd154df1e14f38c93
Size

3.7MB
Sample

240410-mbm9racb53
MD5

4820f3c0c2b85d9e8ebb121fd35cb3bc
SHA1

e645cb78d7e100c4a3f13eb5f88e09cd31377b26
SHA256

3463f026ce1c325931e285b587b82f7f690db2e75929c7edd154df1e14f38c93
SHA512

35f8b12982b229be8a96aa867050c0ecb1807e58cbf6acef0d214cf049f933e8e240a4d1022429d6a99a0315b4af47af37c01b1decb28a7b5fe621354673d7f2
SSDEEP

49152:VwJ6bUFSuLjWTrbfQlrd088iG1oO9BDA80xZ8MT+:VwCPc088iG1oO9BDA80xZ8MT+

Score

10^/10

Malware Config

Extracted

Family

bumblebee

Botnet

2104r

C2

28.11.143.222:443

71.1.188.122:443

49.12.241.35:443

89.222.221.14:443

185.33.87.53:443

108.62.118.56:443

rc4.plain

Targets

- Target
  
  3463f026ce1c325931e285b587b82f7f690db2e75929c7edd154df1e14f38c93
- Size
  
  3.7MB
- MD5
  
  4820f3c0c2b85d9e8ebb121fd35cb3bc
- SHA1
  
  e645cb78d7e100c4a3f13eb5f88e09cd31377b26
- SHA256
  
  3463f026ce1c325931e285b587b82f7f690db2e75929c7edd154df1e14f38c93
- SHA512
  
  35f8b12982b229be8a96aa867050c0ecb1807e58cbf6acef0d214cf049f933e8e240a4d1022429d6a99a0315b4af47af37c01b1decb28a7b5fe621354673d7f2
- SSDEEP
  
  49152:VwJ6bUFSuLjWTrbfQlrd088iG1oO9BDA80xZ8MT+:VwCPc088iG1oO9BDA80xZ8MT+
Score

10^/10

bumblebee 2104r evasion loader
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

4

T1497

Credential Access

Discovery

Query Registry

5

T1012

Virtualization/Sandbox Evasion

4

T1497

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VirtualBox Guest Additions in registry

Blocklisted process makes network request

Checks BIOS information in registry

Identifies Wine through registry keys

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2