Extracted

• • Target

    copy.dll

  • Size

    1.9MB

  • MD5

    d5fccde510bc32e54b518ecc91484819

  • SHA1

    447a8843d61414826144b6db57e9a5f5ce7577bd

  • SHA256

    2229a110ce64fed2119603f6cbc6a20a62e518f9153eebd9760210cdd48a1a5a

  • SHA512

    b8bb81d90056c8fc2f824e57eedac3541023bec0c1a09b72eaf1b6987cb2b63a665cf7c6ed372ccc69e8c70d44fb981cf29eca5dc4d74c6ec7d3d950ac19dd74

  Score

  3^/10
  behavioral1

• • Target

    run.bat

  • Size

    66B

  • MD5

    08a6b0f19f771bd800591a6bcfe63b42

  • SHA1

    a76d6045a24b8fdf6ff038d28fbf0818cc70daac

  • SHA256

    1a47a931685fad15ac28073e3c4c927e7d20408f9fee680258d7976d4955e4fb

  • SHA512

    f7c8bddac1e15b4d7d3612b09f51023a71450c528213e2720ee4c62f7aa4a9693ca43a9a3d0fb66fe671439fa3cf5875b93a153104f7cedd89bedd69d69c996e

  Score

  10^/10

  bumblebeear25evasiontrojan

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee

  • Enumerates VirtualBox registry keys

    evasion

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  behavioral2