General
-
Target
ccde5e528a8da994b3cd96a988023acd16a78a9cea4fe5dc1b41d9a72890a995.zip
-
Size
885KB
-
Sample
220614-nnwx4adefn
-
MD5
93c1dda23a8f688b0dce41fcb2a69d74
-
SHA1
02d6aefcca36ac73d1ce89bf88180599b38b1e16
-
SHA256
105b94eaf4e5ebeda761120a0d102693ef94d670b42c18a1b5b3fb2ce297ff20
-
SHA512
d50859c398b9004ae3ad24106a9e05393cb0238954ef509ab33b129507533dcdbedfff9dec2a86e04255db3a6846e26a668f6a1359f95a6226fd19e21d9633a4
Static task
static1
Behavioral task
behavioral1
Sample
ccde5e528a8da994b3cd96a988023acd16a78a9cea4fe5dc1b41d9a72890a995.dll
Resource
win7-20220414-en
Malware Config
Extracted
bumblebee
a10
Targets
-
-
Target
ccde5e528a8da994b3cd96a988023acd16a78a9cea4fe5dc1b41d9a72890a995.exe
-
Size
1.4MB
-
MD5
ccd45fd7136d6c54e31d1703164fa855
-
SHA1
e71645b6a0d82b0c3a1c7326e07140a8333229b3
-
SHA256
ccde5e528a8da994b3cd96a988023acd16a78a9cea4fe5dc1b41d9a72890a995
-
SHA512
f254c19b8c6cab02b277833d8b4b96ae7182d22e3a4d580780fd3e3f1d1c8392430f0431cf8d0f27504e3b8faf88b0372947279fabce921f09191624dabff104
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-