General
Target: bumblebee.zip
Size: 893KB
Sample: 220609-ttylrshhej
MD5: 212b41c54a8fbb2085cd9870f0bd66b5
SHA1: e619abad3abff2c98db15ef9b5a04597885c1069
SHA256: a6385bc42486f67358ac150f680283cffb300c6fe06a77f8b41fc66ef1e91709
SHA512: dbec3e6c0ce366a66b9d4710f26642cf74562eb22c275f99c91e894d51fba3330bc37a4da387c12e3342c4bc344c939568f522910124fe0642324567af679b6c
Static task
static1
Malware Config
Extracted
bumblebee
9rr
Targets
Target: run.bat
Size: 54B
MD5: db80bc91651a4233aacaea623b8be383
SHA1: f71bd2815820c382eafca3c580146d3b16c508f7
SHA256: 136c0da55ba3631948b910926bc0c749483ea05c5321b0fcb744902d9a71b893
SHA512: 3deeef25a4c4054dbb5e21db1e0c955ba2dfe9217e05cd3758b489dbd67ae78d45602d57989b6586d5eb03ce88e71098f9c609c96dbf3ad2888a1807782edfe4
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-