bumblebee | 8b5ecfd8c02d9f39a1ca89650375eddb17642ea1a745c6a466ae83750e460e67 | Triage

Submit
Reports

Overview

overview

Static

static

JaffaCakes...67.dll

windows7-x64

9

JaffaCakes...67.dll

windows10-2004-x64

9

Sharing

General

Target

JaffaCakes118_8b5ecfd8c02d9f39a1ca89650375eddb17642ea1a745c6a466ae83750e460e67
Size

2.3MB
Sample

241226-vchdws1mcv
MD5

ef0a7f6b37f5a9292ab64f540ccfc481
SHA1

9e3a69ad4e885aedb24d4a7c4deae3a09b1e4dfe
SHA256

8b5ecfd8c02d9f39a1ca89650375eddb17642ea1a745c6a466ae83750e460e67
SHA512

9b2e1734228f808b43b71d39bcd47dbdebdba983cd488b7791ef8db8f68c4bc98cbca05ea0561e6642d0242a15b8d846cff991a76c23a2ee139a5341827b409e
SSDEEP

49152:2te5uI3Oe4DiBqcWeyh7p4JumqBq7CdJyWzqPGmTL5x:253YumB7C/1mn5

Score

10^/10

bumblebee vps1 evasion

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_8b5ecfd8c02d9f39a1ca89650375eddb17642ea1a745c6a466ae83750e460e67.dll

Resource

win7-20240729-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_8b5ecfd8c02d9f39a1ca89650375eddb17642ea1a745c6a466ae83750e460e67.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

bumblebee

Botnet

VPS1

C2

45.147.229.23:443

Targets

- Target
  
  JaffaCakes118_8b5ecfd8c02d9f39a1ca89650375eddb17642ea1a745c6a466ae83750e460e67
- Size
  
  2.3MB
- MD5
  
  ef0a7f6b37f5a9292ab64f540ccfc481
- SHA1
  
  9e3a69ad4e885aedb24d4a7c4deae3a09b1e4dfe
- SHA256
  
  8b5ecfd8c02d9f39a1ca89650375eddb17642ea1a745c6a466ae83750e460e67
- SHA512
  
  9b2e1734228f808b43b71d39bcd47dbdebdba983cd488b7791ef8db8f68c4bc98cbca05ea0561e6642d0242a15b8d846cff991a76c23a2ee139a5341827b409e
- SSDEEP
  
  49152:2te5uI3Oe4DiBqcWeyh7p4JumqBq7CdJyWzqPGmTL5x:253YumB7C/1mn5
Score

9^/10

evasion
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy