bumblebee | 8a1a0b4872c74737fa67fd233e4a2546412c4a442ebd04022e680cb37b7aedac | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-05-09...uk.exe

windows7-x64

2024-05-09...uk.exe

windows10-2004-x64

Sharing

General

Target

2024-05-09_18c0d4d076dcf852682a1e928ea6fd20_ryuk
Size

1.4MB
Sample

240509-lqp68abd4y
MD5

18c0d4d076dcf852682a1e928ea6fd20
SHA1

d728085c03e3586ac11b558b59872b440d01c544
SHA256

8a1a0b4872c74737fa67fd233e4a2546412c4a442ebd04022e680cb37b7aedac
SHA512

a17e02991f7edca6ac477dba336d9c32acf03238eca23d1df31ab6cdb03fb976fb1a20c526cc06a94c9b3fd7a853232943bcdf11d77414e9058493d73ab865b0
SSDEEP

24576:dQTkuS3lgPzjmR4JcIn652Y0/oHTTvN718HGO8YIH5A70HQq8lJ2Wd:dQopEPmRpIn652Y0M528YC5dHSlJv

Score

10^/10

bumblebee asd1234 evasion loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-05-09_18c0d4d076dcf852682a1e928ea6fd20_ryuk.exe

Resource

win7-20240221-en

bumblebee asd1234 loader

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-05-09_18c0d4d076dcf852682a1e928ea6fd20_ryuk.exe

Resource

win10v2004-20240426-en

bumblebee asd1234 evasion loader

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

bumblebee

Botnet

asd1234

rc4.plain

Targets

- Target
  
  2024-05-09_18c0d4d076dcf852682a1e928ea6fd20_ryuk
- Size
  
  1.4MB
- MD5
  
  18c0d4d076dcf852682a1e928ea6fd20
- SHA1
  
  d728085c03e3586ac11b558b59872b440d01c544
- SHA256
  
  8a1a0b4872c74737fa67fd233e4a2546412c4a442ebd04022e680cb37b7aedac
- SHA512
  
  a17e02991f7edca6ac477dba336d9c32acf03238eca23d1df31ab6cdb03fb976fb1a20c526cc06a94c9b3fd7a853232943bcdf11d77414e9058493d73ab865b0
- SSDEEP
  
  24576:dQTkuS3lgPzjmR4JcIn652Y0/oHTTvN718HGO8YIH5A70HQq8lJ2Wd:dQopEPmRpIn652Y0M528YC5dHSlJv
Score

10^/10

bumblebee asd1234 loader evasion
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Detects executables referencing combination of virtualization drivers
- Detects executables referencing virtualization MAC addresses
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebeeasd1234loader

behavioral2

bumblebeeasd1234evasionloader

© 2018-2024

Terms | Privacy