General
-
Target
413915
-
Size
3.6MB
-
Sample
220505-f9t2mafbh9
-
MD5
6909250134a5290f9a0223878b914760
-
SHA1
53dad515d7de0adc185682a47a60e63fcdf0fc4b
-
SHA256
33203446cd754cf91dddebec42fa3340e24d232f6e5792448c9c30b1c852fb1d
-
SHA512
437576ae6345a09893d6430eff2fa024244cea7032db5a5ad8e2a56c59a1a37c1e28d1b3b3b4a26979ed6122fc5c303821f94956f328931ccd9f16726e3a8aa2
Malware Config
Extracted
bumblebee
23.82.128.149:443
108.62.12.203:443
-
group_id
mc405
BLACK
Targets
-
-
Target
413915
-
Size
3.6MB
-
MD5
6909250134a5290f9a0223878b914760
-
SHA1
53dad515d7de0adc185682a47a60e63fcdf0fc4b
-
SHA256
33203446cd754cf91dddebec42fa3340e24d232f6e5792448c9c30b1c852fb1d
-
SHA512
437576ae6345a09893d6430eff2fa024244cea7032db5a5ad8e2a56c59a1a37c1e28d1b3b3b4a26979ed6122fc5c303821f94956f328931ccd9f16726e3a8aa2
Score10/10-
BumbleBee
BumbleBee is a webshell malware written in C++.
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-