bumblebee

General

Target

JaffaCakes118_6e9caeb0638c049f8c87ca866f98e1bc1d174d4c7dc09b3866e9d0cd8a568a64
Size

874KB
Sample

241222-dqqtra1mdy
MD5

36189ac6b32ed5d05a33e8d0c341b0b1
SHA1

06ddf17b00c0bb5ed9c167e958ad77e3d4a0ccbd
SHA256

6e9caeb0638c049f8c87ca866f98e1bc1d174d4c7dc09b3866e9d0cd8a568a64
SHA512

5c4f32cf49d5a217ed594fc57ab01b8e9b3700c2a5a3f612bad1e98275b8a0b5028bfdffefc834835512daa5afaa7b899e6e88cfa91c8b1aae77ed908a2914ee
SSDEEP

24576:h25dh8GAZfenWl6pNRwtLhvEunKfujhqqn+9EMDiCNicSTEea:hQW5cDwPvEjfu1qNdDivta

Score

10^/10

Malware Config

Extracted

Family

bumblebee

Botnet

276l

C2

172.93.193.124:443

45.153.241.64:443

45.153.241.19:443

rc4.plain

Targets

- Target
  
  stats.dll
- Size
  
  1.4MB
- MD5
  
  657682f71a10eafd869cf2d2bf793dff
- SHA1
  
  db85130c620529b809a1993418a273548cf9d449
- SHA256
  
  30bf36f75df541899e3954ca3a9efa96ae4a7d4fd268a8efb81605146ee7eaa2
- SHA512
  
  7cb1797e8ed51ccb54dd0c6e5d7b95c2aa62f5a3ad17762ffa1a8377731dcb2f75b8c4607fca587d18b8499e85e87a03fec8b2f18ea46b3a4cd45abe450100e3
- SSDEEP
  
  24576:huMrbr80bs3VdeOZNYu1Y6jFguq4Fn7GoMXt0cjWo9jaibETl:huMr3+VhNYu5j2xsnRqBC
Score

10^/10

bumblebee 276l evasion loader
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Bumblebee family
  bumblebee
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

4

T1497

Credential Access

Discovery

Query Registry

5

T1012

System Information Discovery

2

T1082

Virtualization/Sandbox Evasion

4

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Bumblebee family

Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VirtualBox Guest Additions in registry

Checks BIOS information in registry

Identifies Wine through registry keys

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2