bumblebee

General

Target

3463f026ce1c325931e285b587b82f7f690db2e75929c7edd154df1e14f38c93
Size

3.7MB
Sample

240410-mbm9racb53
MD5

4820f3c0c2b85d9e8ebb121fd35cb3bc
SHA1

e645cb78d7e100c4a3f13eb5f88e09cd31377b26
SHA256

3463f026ce1c325931e285b587b82f7f690db2e75929c7edd154df1e14f38c93
SHA512

35f8b12982b229be8a96aa867050c0ecb1807e58cbf6acef0d214cf049f933e8e240a4d1022429d6a99a0315b4af47af37c01b1decb28a7b5fe621354673d7f2
SSDEEP

49152:VwJ6bUFSuLjWTrbfQlrd088iG1oO9BDA80xZ8MT+:VwCPc088iG1oO9BDA80xZ8MT+

Score

10^/10

Malware Config

Extracted

Family

bumblebee

Botnet

2104r

C2

28.11.143.222:443

71.1.188.122:443

49.12.241.35:443

89.222.221.14:443

185.33.87.53:443

108.62.118.56:443

rc4.plain

Targets

- Target
  
  3463f026ce1c325931e285b587b82f7f690db2e75929c7edd154df1e14f38c93
- Size
  
  3.7MB
- MD5
  
  4820f3c0c2b85d9e8ebb121fd35cb3bc
- SHA1
  
  e645cb78d7e100c4a3f13eb5f88e09cd31377b26
- SHA256
  
  3463f026ce1c325931e285b587b82f7f690db2e75929c7edd154df1e14f38c93
- SHA512
  
  35f8b12982b229be8a96aa867050c0ecb1807e58cbf6acef0d214cf049f933e8e240a4d1022429d6a99a0315b4af47af37c01b1decb28a7b5fe621354673d7f2
- SSDEEP
  
  49152:VwJ6bUFSuLjWTrbfQlrd088iG1oO9BDA80xZ8MT+:VwCPc088iG1oO9BDA80xZ8MT+
Score

10^/10

bumblebee 2104r evasion loader
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

4

T1497

Credential Access

Discovery

Query Registry

5

T1012

System Information Discovery

2

T1082

Virtualization/Sandbox Evasion

4

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VirtualBox Guest Additions in registry

Blocklisted process makes network request

Checks BIOS information in registry

Identifies Wine through registry keys

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2