bumblebee | d34d5d293ef589bc20d27d216385f34706a8a049460633a9476222e0a3bd0680 | Triage

Submit
Reports

Overview

overview

Static

static

build/pack...64.exe

windows11-21h2-x64

9

Sharing

General

Target

artifacts.zip
Size

139.8MB
Sample

240822-r1lvfavdqq
MD5

d0e1b50214b55a05c9c36f5d6af0e5e0
SHA1

29d6d783b4f55c9293e75d63dc58c92ad757d7b0
SHA256

d34d5d293ef589bc20d27d216385f34706a8a049460633a9476222e0a3bd0680
SHA512

021c08bbc3e30ff672cc69210295598b84f8d2aa33a7c42e11fc09a1b6b70627aba5281bf2903040d06f2049f1b4cbbc6684d280531a9cf89cc812f65ed4810f
SSDEEP

3145728:RyRREc3Z0CqFp83bUchCAXDSlBAvPkKkzc+wVlOljKhvsPnN4yo8EmQ/Wqu9:yJWHG3LhCVleHkYlOljtN4GQ/Wqu9

Score

10^/10

bumblebee discovery evasion execution

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

build/packaging/nsis/wireshark-4.5.0-x64.exe

Resource

win11-20240802-en

discovery evasion execution

windows11-21h2-x64

25 signatures

1800 seconds

Malware Config

Targets

- Target
  
  build/packaging/nsis/wireshark-4.5.0-x64.exe
- Size
  
  140.1MB
- MD5
  
  3dabcbdceadc3c0f99595728b1aacca2
- SHA1
  
  9cc72a1b9b8d655ceb9108c4a447f112d8d44511
- SHA256
  
  45b22782db9f3b15b53d056e4b4b2a725e85d276f8f12125ea7e928b1d8c94a5
- SHA512
  
  2648c7d202c4728617417a9df8ca0d198ec0793a3e8ea38f63c2c9d7095380cd79776b95f27abe566bb82789ddfae657ded33876fe13194046663b3ed35aed61
- SSDEEP
  
  3145728:dmDxMO97QySz96BBgMDsonZWh5MPj0Qw/2w0FjIXvibrMpv3KgoakU2Tmu65:mjOv4BvDslh27K4jIXvf3KW2Tmu65
Score

9^/10

discovery evasion execution
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Software Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionexecution

© 2018-2024

Terms | Privacy