bumblebee

General

Target

c97b8bffcbe424cbc2a6e1135068d071c6f4e8f020fccd2db3dbee3aa80102ac
Size

2.7MB
Sample

240410-rf5rtaae44
MD5

59baede0aac3a38c8578aa8fef89d960
SHA1

19fa63af83dfed8023f10147c33c8edb6aabb1b4
SHA256

c97b8bffcbe424cbc2a6e1135068d071c6f4e8f020fccd2db3dbee3aa80102ac
SHA512

f87e5285a22df54906ee18ba71334beba5dd36cf8cfb3ac8f0f44e8bfe8441ba95e3c6787dc9cb9c274f01aec724500d5d2a3ff3c466f8efdf08bac8b35400ed
SSDEEP

49152:7CkeRD2DBKMpRd8qsToHaQBVeytTEmu6+lzz7JP1KV3jgjO4gYAPLokp6vVkTMU:7CkdB/pRdksaQBVNtTEmu6+lzz7JP1KT

Score

10^/10

Malware Config

Extracted

Family

bumblebee

Botnet

ALL0604

C2

192.236.198.63:443

Targets

- Target
  
  c97b8bffcbe424cbc2a6e1135068d071c6f4e8f020fccd2db3dbee3aa80102ac
- Size
  
  2.7MB
- MD5
  
  59baede0aac3a38c8578aa8fef89d960
- SHA1
  
  19fa63af83dfed8023f10147c33c8edb6aabb1b4
- SHA256
  
  c97b8bffcbe424cbc2a6e1135068d071c6f4e8f020fccd2db3dbee3aa80102ac
- SHA512
  
  f87e5285a22df54906ee18ba71334beba5dd36cf8cfb3ac8f0f44e8bfe8441ba95e3c6787dc9cb9c274f01aec724500d5d2a3ff3c466f8efdf08bac8b35400ed
- SSDEEP
  
  49152:7CkeRD2DBKMpRd8qsToHaQBVeytTEmu6+lzz7JP1KV3jgjO4gYAPLokp6vVkTMU:7CkdB/pRdksaQBVNtTEmu6+lzz7JP1KT
Score

10^/10

bumblebee all0604 evasion loader
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

4

T1497

Credential Access

Discovery

Query Registry

5

T1012

System Information Discovery

2

T1082

Virtualization/Sandbox Evasion

4

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VirtualBox Guest Additions in registry

Blocklisted process makes network request

Checks BIOS information in registry

Identifies Wine through registry keys

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2