Overview

overview

10

Static

static

3

7df703625e...15.dll

windows7-x64

10

7df703625e...15.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7df703625ee06db2786650b48ffefb13fa1f0dae41e521b861a16772e800c115.exe

  • Size

    2.1MB

  • Sample

    241004-b3h9bsxepm

  • MD5

    40ee908eff9418d1cbcb36ea516ca34e

  • SHA1

    e13e947f3ce59a2a58ce09c2d8888053d685fa44

  • SHA256

    7df703625ee06db2786650b48ffefb13fa1f0dae41e521b861a16772e800c115

  • SHA512

    eedae343bf53411aa9a64e0f6ae9ee1ac15b6cdc02d94894604974e5d0ffcafc56f9df9afa368cab38a017785e559d75bb9dea95bffc78088048cf3b1ec7d639

  • SSDEEP

    49152:AgbA0SNOgGbH+/mrzAnO5oEshZHFTdgmH:v20gGjnrzAZEIZHzgmH

Score
10/10
bumblebeemsievasionloader

Malware Config

Extracted

Family

bumblebee

Botnet

msi

Attributes
  • dga

    tvx1ovdepj8.life

    acgr6r8zdot.life

    ilofx941igp.life

    8x2apo5m7ri.life

    x9yrzer0ndt.life

    93j4v4jopzd.life

    ameagxzo2f7.life

    nyy41uibsv5.life

    ru4jvijdytq.life

    l9t6r0y6cvi.life

    f4vb9n3tdvh.life

    9do3mcejztt.life

    pxu1ajsdhqr.life

    7exy2b231n2.life

    vu5b47m18jn.life

    6mnudp7zj73.life

    p5047yjrb8q.life

    d0xtxp89bb9.life

    ygo9u1fkwux.life

    fig3gj0v6qe.life

    38f5wvwwn7o.life

    txgogs9p8a1.life

    uyn0icgx1kv.life

    2z1ls31az7s.life

    0cc2z8zrnhf.life

    fsr2hskx44p.life

    du19ek78tjw.life

    234ct3lkozp.life

    he8fq4k8d3w.life

    7ewh8ltr7il.life

  • dga_seed

    1.0163655285949564e+18

  • domain_length

    11

  • num_dga_domains

    100

  • port

    443

rc4.plain

Targets

    • Target

      7df703625ee06db2786650b48ffefb13fa1f0dae41e521b861a16772e800c115.exe

    • Size

      2.1MB

    • MD5

      40ee908eff9418d1cbcb36ea516ca34e

    • SHA1

      e13e947f3ce59a2a58ce09c2d8888053d685fa44

    • SHA256

      7df703625ee06db2786650b48ffefb13fa1f0dae41e521b861a16772e800c115

    • SHA512

      eedae343bf53411aa9a64e0f6ae9ee1ac15b6cdc02d94894604974e5d0ffcafc56f9df9afa368cab38a017785e559d75bb9dea95bffc78088048cf3b1ec7d639

    • SSDEEP

      49152:AgbA0SNOgGbH+/mrzAnO5oEshZHFTdgmH:v20gGjnrzAZEIZHzgmH

    Score
    10/10
    bumblebeemsievasionloader

    • BumbleBee

      BumbleBee is a loader malware written in C++.

      loaderbumblebee

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks