bumblebee

General

Target

8f47c3962a7c418bae71fec42bbca9524b72f8f0fd2dd81d1175138f7d20b2f7
Size

2.7MB
Sample

240410-pvnezaba6s
MD5

8335ad591afdfdd65f90536b9ff15597
SHA1

bfc8b6501dfac4583979f12552535c2923b881bf
SHA256

8f47c3962a7c418bae71fec42bbca9524b72f8f0fd2dd81d1175138f7d20b2f7
SHA512

b438383f722afc65cf5dce113a405f4feec3f275f513f01a7f7a8f6150bbce78a669015b552ed3b7c798f7538444e1a6b751cc7e290445ef1404b9e34ff4a473
SSDEEP

49152:K1GTzcSFGB0tWWYLGPFn7aRmNkk/yCAgQ2MccAnpgSpWaI7+lNOl7AmWzOCI9e:K1G3lExTLGtomNkk/yCAgQ2MccAnpgSR

Score

10^/10

Malware Config

Extracted

Family

bumblebee

Botnet

ALL0604

C2

192.236.198.63:443

Targets

- Target
  
  8f47c3962a7c418bae71fec42bbca9524b72f8f0fd2dd81d1175138f7d20b2f7
- Size
  
  2.7MB
- MD5
  
  8335ad591afdfdd65f90536b9ff15597
- SHA1
  
  bfc8b6501dfac4583979f12552535c2923b881bf
- SHA256
  
  8f47c3962a7c418bae71fec42bbca9524b72f8f0fd2dd81d1175138f7d20b2f7
- SHA512
  
  b438383f722afc65cf5dce113a405f4feec3f275f513f01a7f7a8f6150bbce78a669015b552ed3b7c798f7538444e1a6b751cc7e290445ef1404b9e34ff4a473
- SSDEEP
  
  49152:K1GTzcSFGB0tWWYLGPFn7aRmNkk/yCAgQ2MccAnpgSpWaI7+lNOl7AmWzOCI9e:K1G3lExTLGtomNkk/yCAgQ2MccAnpgSR
Score

10^/10

bumblebee all0604 evasion loader
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

4

T1497

Credential Access

Discovery

Query Registry

5

T1012

System Information Discovery

2

T1082

Virtualization/Sandbox Evasion

4

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VirtualBox Guest Additions in registry

Blocklisted process makes network request

Checks BIOS information in registry

Identifies Wine through registry keys

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2