Overview

overview

10

Static

static

3

3463f026ce...93.dll

windows7-x64

10

3463f026ce...93.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240319-en
  • resource tags

    arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
  • submitted
    10-04-2024 10:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3463f026ce1c325931e285b587b82f7f690db2e75929c7edd154df1e14f38c93.dll

  • Size

    3.7MB

  • MD5

    4820f3c0c2b85d9e8ebb121fd35cb3bc

  • SHA1

    e645cb78d7e100c4a3f13eb5f88e09cd31377b26

  • SHA256

    3463f026ce1c325931e285b587b82f7f690db2e75929c7edd154df1e14f38c93

  • SHA512

    35f8b12982b229be8a96aa867050c0ecb1807e58cbf6acef0d214cf049f933e8e240a4d1022429d6a99a0315b4af47af37c01b1decb28a7b5fe621354673d7f2

  • SSDEEP

    49152:VwJ6bUFSuLjWTrbfQlrd088iG1oO9BDA80xZ8MT+:VwCPc088iG1oO9BDA80xZ8MT+

Score
10/10
bumblebee2104revasionloader

Malware Config

Extracted

Family

bumblebee

Botnet

2104r

C2

28.11.143.222:443

71.1.188.122:443

49.12.241.35:443

89.222.221.14:443

185.33.87.53:443

108.62.118.56:443
rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a loader malware written in C++.

    loaderbumblebee
  • Enumerates VirtualBox registry keys 2 TTPs 5 IoCs
    evasion
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 3 IoCs
    evasion
  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 3 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

    Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

  • Suspicious behavior: EnumeratesProcesses 41 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3463f026ce1c325931e285b587b82f7f690db2e75929c7edd154df1e14f38c93.dll,#1
    1⤵
    • Enumerates VirtualBox registry keys
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Looks for VirtualBox Guest Additions in registry
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Checks for VirtualBox DLLs, possible anti-VM trick
    • Suspicious behavior: EnumeratesProcesses
    PID:2336

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

4
T1497

Credential Access

Discovery

Query Registry

5
T1012

Virtualization/Sandbox Evasion

4
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2336-1-0x0000000077C80000-0x0000000077E29000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/2336-0-0x0000000001CD0000-0x0000000001F1B000-memory.dmp
    Filesize

    2.3MB

    Download
  • memory/2336-3-0x0000000077C80000-0x0000000077E29000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/2336-2-0x0000000001CD0000-0x0000000001F1B000-memory.dmp
    Filesize

    2.3MB

    Download
  • memory/2336-4-0x0000000077C80000-0x0000000077E29000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/2336-5-0x0000000077C80000-0x0000000077E29000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/2336-6-0x0000000077C80000-0x0000000077E29000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/2336-7-0x0000000077C80000-0x0000000077E29000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/2336-8-0x000000007FFF0000-0x000000007FFF1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2336-9-0x0000000077C80000-0x0000000077E29000-memory.dmp
    Filesize

    1.7MB

    Download