Extracted

• • Target

    413915

  • Size

    3.6MB

  • MD5

    6909250134a5290f9a0223878b914760

  • SHA1

    53dad515d7de0adc185682a47a60e63fcdf0fc4b

  • SHA256

    33203446cd754cf91dddebec42fa3340e24d232f6e5792448c9c30b1c852fb1d

  • SHA512

    437576ae6345a09893d6430eff2fa024244cea7032db5a5ad8e2a56c59a1a37c1e28d1b3b3b4a26979ed6122fc5c303821f94956f328931ccd9f16726e3a8aa2

  Score

  10^/10

  bumblebeeevasiontrojan

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee

  • Enumerates VirtualBox registry keys

    evasion

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  behavioral1behavioral2