General
-
Target
bumblebee.zip
-
Size
1017KB
-
Sample
220609-fpfy9shfb4
-
MD5
0a6da1819b3dd8dabaa39901c656b6d1
-
SHA1
7b0511e4b55567f67f2f8c5bb312b40335679c87
-
SHA256
7db17563b342236a463c44eb4b875b4334386f1b1460782f0207090b58c6afb4
-
SHA512
f0efaa2bf872255fe4b7faf5f16633ff737c0119e6ae05d09b1c28acb9aef096697f69dd24c388eaa3547dd9baed814506b271cdd05e7615a7f67d01ae7cea32
Static task
static1
Malware Config
Extracted
bumblebee
8a
Targets
-
Target
run.bat
-
Size
77B
-
MD5
3ac55d9620e3ad3c0a3d3eb9a39fe173
-
SHA1
2a182584af31414c76434f26568f9d49fbe33da8
-
SHA256
3ac53d1fc124f794da914e7c2c6baa006beba4e87fa9f1656ef22465c61b1e28
-
SHA512
a09bfa6761c0acb515c452732ee4e6d02185a0e0b8c342c76f63b391e8a92711d7e6ee9c28219b8695e7fa60a313b8b900164e3255dcd9338835185e79e38f28
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-