General
-
Target
7597966128.zip
-
Size
986KB
-
Sample
220614-2nalracfg6
-
MD5
5b3af7b5af2f7d656ef6499642b581ed
-
SHA1
5d94971480d400652c6929d05ce38693b1c3cf1a
-
SHA256
46f8ec2b9814cca1ff1bedd1e7d01f35830b043f2b04b49d398dafdd4191c263
-
SHA512
a07b8e4ba3af7a84c20c7acfc0b52accaa75adf0a7d0ed77ac3507b6d583a6bc3b1fa486ac167cf86859122873f8ac70ea53b9a9fcd5b7f3d833e46894ab9347
Static task
static1
Behavioral task
behavioral1
Sample
e0278677544e7b849953d274c8cc64ef6b1c7a1398e4609e6359ef42a5e46227.dll
Resource
win7-20220414-en
Malware Config
Extracted
bumblebee
146a
Targets
-
-
Target
e0278677544e7b849953d274c8cc64ef6b1c7a1398e4609e6359ef42a5e46227
-
Size
2.0MB
-
MD5
272e27a07706917ba4eb99ee4399d628
-
SHA1
90ab9ec133398a806f578d586ddbee632c45813f
-
SHA256
e0278677544e7b849953d274c8cc64ef6b1c7a1398e4609e6359ef42a5e46227
-
SHA512
48191686afb9ef77da9a89eafb1c23ee8931a54f8c0cc53731e777e73afd5421fc4d008950ba8a3021b0c9cfc19886433102a336b2159c9b955cd4986e0eef5e
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-