bumblebee

General

Target

c65c51ed60f91a92789c4b056821ef51252baa2a1679a6513ab008acf0464ccb
Size

3.7MB
Sample

241115-s9qenaxbjk
MD5

8e7115ea580f39c152e4d4bc4472c402
SHA1

4ea1f1d8a01f251fa5db350f72b04a1d11028fb0
SHA256

c65c51ed60f91a92789c4b056821ef51252baa2a1679a6513ab008acf0464ccb
SHA512

bde81a4da80dda9e06815b153caa2dcaea874bfd973c9d24b1e935e0c88a0d094dcce0b153d9866a87b2b06bc636a30b23d3fe27e345b4a2ee174b52acc44619
SSDEEP

98304:XZo5q0spyUTJkqVnIY0z7ceiVNhPvpx3:XZwqlp51krrz4vp

Score

10^/10

Malware Config

Extracted

Family

bumblebee

Botnet

2104a

C2

282.19.133.12:443

91.122.18.192:443

185.156.172.62:443

72.123.65.11:443

149.255.35.167:443

172.241.27.146:443

rc4.plain

Targets

- Target
  
  c65c51ed60f91a92789c4b056821ef51252baa2a1679a6513ab008acf0464ccb
- Size
  
  3.7MB
- MD5
  
  8e7115ea580f39c152e4d4bc4472c402
- SHA1
  
  4ea1f1d8a01f251fa5db350f72b04a1d11028fb0
- SHA256
  
  c65c51ed60f91a92789c4b056821ef51252baa2a1679a6513ab008acf0464ccb
- SHA512
  
  bde81a4da80dda9e06815b153caa2dcaea874bfd973c9d24b1e935e0c88a0d094dcce0b153d9866a87b2b06bc636a30b23d3fe27e345b4a2ee174b52acc44619
- SSDEEP
  
  98304:XZo5q0spyUTJkqVnIY0z7ceiVNhPvpx3:XZwqlp51krrz4vp
Score

10^/10

bumblebee 2104a evasion loader
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Bumblebee family
  bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

4

T1497

Credential Access

Discovery

Query Registry

5

T1012

System Information Discovery

2

T1082

Virtualization/Sandbox Evasion

4

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Bumblebee family

Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VirtualBox Guest Additions in registry

Blocklisted process makes network request

Checks BIOS information in registry

Identifies Wine through registry keys

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2