bumblebee | 4a49e2f06ba48d3a88fdeb83fb8021f3d165535e8ea5319b16a7ebe4da9c0751 | Triage

Submit
Reports

Overview

overview

Static

static

3

4a49e2f06b...51.dll

windows7-x64

4a49e2f06b...51.dll

windows10-2004-x64

Sharing

General

Target

4a49e2f06ba48d3a88fdeb83fb8021f3d165535e8ea5319b16a7ebe4da9c0751
Size

2.7MB
Sample

240410-mwxnxsda39
MD5

c9e37a67f7e3dd3826c23ee04a62ec7b
SHA1

aa157fabb858a9e7ae0d138246545f776934cba7
SHA256

4a49e2f06ba48d3a88fdeb83fb8021f3d165535e8ea5319b16a7ebe4da9c0751
SHA512

5a5912c002f7d06a39bd0f9eba82da32cd7e621e814f1060095d5d56d2a0092ee398499a6a75cb28da773f63b1320f66089ed881a59fb36e8b589deb384e92ea
SSDEEP

49152:+jThLI9aW/+9xRAfRJiN9KtmkP8vfuGia3F2JgN8kupvjgi3M8pp/:+XdO+9x4JiN9umkP8vfuGia3F2JgN8kG

Score

10^/10

bumblebee all0604 evasion loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4a49e2f06ba48d3a88fdeb83fb8021f3d165535e8ea5319b16a7ebe4da9c0751.dll

Resource

win7-20240221-en

bumblebee all0604 evasion loader

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

4a49e2f06ba48d3a88fdeb83fb8021f3d165535e8ea5319b16a7ebe4da9c0751.dll

Resource

win10v2004-20240226-en

bumblebee all0604 evasion loader

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

bumblebee

Botnet

ALL0604

C2

192.236.198.63:443

Targets

- Target
  
  4a49e2f06ba48d3a88fdeb83fb8021f3d165535e8ea5319b16a7ebe4da9c0751
- Size
  
  2.7MB
- MD5
  
  c9e37a67f7e3dd3826c23ee04a62ec7b
- SHA1
  
  aa157fabb858a9e7ae0d138246545f776934cba7
- SHA256
  
  4a49e2f06ba48d3a88fdeb83fb8021f3d165535e8ea5319b16a7ebe4da9c0751
- SHA512
  
  5a5912c002f7d06a39bd0f9eba82da32cd7e621e814f1060095d5d56d2a0092ee398499a6a75cb28da773f63b1320f66089ed881a59fb36e8b589deb384e92ea
- SSDEEP
  
  49152:+jThLI9aW/+9xRAfRJiN9KtmkP8vfuGia3F2JgN8kupvjgi3M8pp/:+XdO+9x4JiN9umkP8vfuGia3F2JgN8kG
Score

10^/10

bumblebee all0604 evasion loader
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bumblebeeall0604evasionloader

behavioral2

bumblebeeall0604evasionloader

© 2018-2024

Terms | Privacy