General
- Target: information.dll
- Size: 2.0MB
- Sample: 220616-tng2tsfhfl
- MD5: c9216484a6371b055705ec5f4098ab01
- SHA1: a13903e50408e11996159fba5f7deab1e73e8f08
- SHA256: fed9bc8df9141f8f8f7a9203bc26b5b22123c154702fcd625379f2f7ecd31cb2
- SHA512: 64485bb8e1845a29f9d60343a0bd6fd8de4220aa83f3cd19eed47737642b79db2753106192798d495202e74016f2e845d161c1362ad09b01104f9cfb8c939359
Static task: static1
Behavioral task: behavioral1
- Sample: information.dll
- Resource: win7-20220414-en (Windows 7 analysis image)
Malware Config
Extracted family: bumblebee
Group ID (as extracted): 146l
C2 entries as extracted from the configuration (46):
242.165.212.79:339
162.144.249.150:239
63.122.120.151:268
144.52.138.51:193
18.215.29.142:436
115.239.67.202:380
255.11.235.99:426
213.203.201.199:307
143.117.20.123:425
141.98.168.70:443
174.150.214.40:426
133.133.249.24:204
126.68.7.249:422
103.175.16.107:443
146.70.124.77:443
154.56.0.100:443
180.184.129.160:223
28.78.74.145:427
108.28.254.44:399
115.103.22.1:153
149.57.112.159:122
229.139.73.188:287
112.110.146.153:349
249.222.51.70:286
180.23.251.29:230
244.234.60.83:386
79.133.212.60:211
192.21.12.118:231
31.215.170.180:431
140.208.107.161:360
119.177.224.146:124
58.10.55.201:382
57.156.134.113:446
83.142.26.147:465
194.135.33.16:443
35.17.203.69:268
104.135.8.250:417
210.251.188.194:228
53.96.32.99:333
70.77.209.88:224
65.254.82.66:498
65.95.20.151:232
165.158.204.41:469
185.62.58.209:443
102.109.16.255:445
137.253.55.69:235
Caveat: several of these entries cannot be live servers. 229.139.73.188 is a multicast address (224.0.0.0/4) and 242.165.212.79, 244.234.60.83, 249.222.51.70 and 255.11.235.99 fall in the reserved 240.0.0.0/4 block, so the list is padded with filler entries that will never answer. Treat the extracted list as a candidate set to triage (the six entries on TCP/443 stand out from the otherwise random ports) rather than as a ready-made blocklist.
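Triage of the extracted C2 list, as an added example that is not part of the sandbox report: the entries in EXTRACTED_C2 are copied from the configuration above, while the filtering rules (drop multicast, reserved and otherwise non-routable addresses with Python's ipaddress module, then group the survivors by destination port) are this example's own heuristics for separating filler from plausible C2 candidates.

```python
"""Triage the C2 list extracted from the Bumblebee configuration above.

Added example; not part of the sandbox report. EXTRACTED_C2 is copied from
the report. The rules for discarding entries (non-routable addresses) and
the port grouping are this example's own heuristics.
"""
import ipaddress
from collections import Counter

# C2 entries exactly as extracted from the sample's configuration (copied from the report).
EXTRACTED_C2 = """
242.165.212.79:339 162.144.249.150:239 63.122.120.151:268 144.52.138.51:193
18.215.29.142:436 115.239.67.202:380 255.11.235.99:426 213.203.201.199:307
143.117.20.123:425 141.98.168.70:443 174.150.214.40:426 133.133.249.24:204
126.68.7.249:422 103.175.16.107:443 146.70.124.77:443 154.56.0.100:443
180.184.129.160:223 28.78.74.145:427 108.28.254.44:399 115.103.22.1:153
149.57.112.159:122 229.139.73.188:287 112.110.146.153:349 249.222.51.70:286
180.23.251.29:230 244.234.60.83:386 79.133.212.60:211 192.21.12.118:231
31.215.170.180:431 140.208.107.161:360 119.177.224.146:124 58.10.55.201:382
57.156.134.113:446 83.142.26.147:465 194.135.33.16:443 35.17.203.69:268
104.135.8.250:417 210.251.188.194:228 53.96.32.99:333 70.77.209.88:224
65.254.82.66:498 65.95.20.151:232 165.158.204.41:469 185.62.58.209:443
102.109.16.255:445 137.253.55.69:235
""".split()


def parse_c2(entry):
    """Split 'ip:port' into (IPv4Address, int)."""
    host, _, port = entry.rpartition(":")
    return ipaddress.ip_address(host), int(port)


def implausible_reason(entry):
    """Why an entry cannot be a live C2 server, or None if it passes the checks."""
    ip, port = parse_c2(entry)
    if not 1 <= port <= 65535:
        return "invalid port"
    if ip.is_multicast:
        return "multicast address (224.0.0.0/4)"
    if ip.is_reserved:
        return "reserved address (240.0.0.0/4)"
    if not ip.is_global:
        return "non-routable address (private, loopback, link-local, ...)"
    return None


def triage(entries):
    """Split entries into routable candidates and filler, with a reason per filler entry."""
    candidates, filler = [], {}
    for entry in entries:
        reason = implausible_reason(entry)
        if reason is None:
            candidates.append(entry)
        else:
            filler[entry] = reason
    return candidates, filler


def port_histogram(entries):
    """Count destination ports; a real C2 tends to reuse a standard port."""
    return Counter(parse_c2(e)[1] for e in entries)


def candidates_on_port(entries, port):
    """Entries using the given destination port, in list order."""
    return [e for e in entries if parse_c2(e)[1] == port]


if __name__ == "__main__":
    candidates, filler = triage(EXTRACTED_C2)
    for entry, reason in filler.items():
        print(f"drop  {entry:<22} {reason}")
    print("ports:", port_histogram(candidates).most_common(3))
    for entry in candidates_on_port(candidates, 443):
        print("check", entry)
```

Routable is not the same as real: the survivors still need validation (passive DNS, certificate data, or observed traffic from the behavioral run) before they go into a blocklist, but the filter removes the entries that would only add noise.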
Targets
- information.dll (2.0MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures (behavioral1):
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM): VirtualBox publishes its ACPI tables under HKLM\HARDWARE\ACPI (DSDT, FADT, RSDT) with the vendor string VBOX__, so their presence identifies the hypervisor.
- Looks for VirtualBox Guest Additions in registry: installing the Guest Additions creates HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions, a key that does not exist on a physical host.
- Checks BIOS information in registry: the firmware strings under HKLM\HARDWARE\DESCRIPTION\System (SystemBiosVersion, VideoBiosVersion) identify the BIOS vendor, and hypervisors report recognisable values there (VirtualBox reports VBOX), which is why BIOS information is commonly read to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer that runs Windows applications on other operating systems and is used by some sandboxes as the execution environment; its presence is revealed by keys such as HKCU\Software\Wine.
Taken together these are standard anti-analysis probes. A sample that finds any of them positive typically exits early or alters its behaviour, so a short or uneventful behavioral trace from an instrumented VM should be read with that in mind.
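The following is an added example, not the sandbox's own signature engine and not code from the sample: it maps registry accesses in an execution trace onto the five signature names listed above. The registry paths are the well-known VirtualBox, BIOS and Wine artefacts that anti-VM code probes (the report names the signatures, not the exact keys this sample touched), and SAMPLE_TRACE is constructed for illustration in a Procmon-like "Operation,Path,Result" shape rather than taken from the sample's run.

```python
"""Map registry accesses from an execution trace onto the anti-VM signatures
listed in the report.

Added example; neither the sandbox's signature engine nor code from the sample.
The registry paths are the well-known VirtualBox, BIOS and Wine artefacts that
anti-VM code probes; the report names the signatures, not the exact keys this
sample touched. SAMPLE_TRACE is constructed (Procmon-like "Operation,Path,Result"
lines), not output from the sample.
"""
import re

# Signature name (as in the report) -> regexes over registry key paths.
SIGNATURES = {
    "Enumerates VirtualBox registry keys": [
        r"\\SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\VBox(Guest|Mouse|Service|SF|Video)\b",
    ],
    "Identifies VirtualBox via ACPI registry values (likely anti-VM)": [
        r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__",
    ],
    "Looks for VirtualBox Guest Additions in registry": [
        r"\\SOFTWARE\\Oracle\\VirtualBox Guest Additions",
    ],
    "Checks BIOS information in registry": [
        r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)",
    ],
    "Identifies Wine through registry keys": [
        r"\\Software\\Wine\b",
    ],
}
COMPILED = {name: [re.compile(p, re.IGNORECASE) for p in pats]
            for name, pats in SIGNATURES.items()}

# Constructed trace lines; the last two are benign/non-registry noise that must not match.
SAMPLE_TRACE = [
    r"RegOpenKey,HKLM\HARDWARE\ACPI\DSDT\VBOX__,NAME NOT FOUND",
    r"RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Services\VBoxGuest,NAME NOT FOUND",
    r"RegOpenKey,HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions,NAME NOT FOUND",
    r"RegQueryValue,HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion,SUCCESS",
    r"RegOpenKey,HKCU\Software\Wine,NAME NOT FOUND",
    r"RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SUCCESS",
    r"CreateFile,C:\Windows\System32\kernel32.dll,SUCCESS",
]


def registry_paths(trace_lines):
    """Yield the key path of every registry operation.

    The Result column is deliberately ignored: a NAME NOT FOUND probe is still
    evidence, because learning that the key is absent is what the sample wanted.
    """
    for line in trace_lines:
        parts = line.split(",", 2)
        if len(parts) < 2 or not parts[0].startswith("Reg"):
            continue
        yield parts[1]


def match_signatures(trace_lines):
    """Return {signature name: [matching key paths]} for the trace."""
    hits = {}
    for path in registry_paths(trace_lines):
        for name, patterns in COMPILED.items():
            if any(p.search(path) for p in patterns):
                hits.setdefault(name, []).append(path)
    return hits


def likely_anti_vm(hits, threshold=2):
    """Two or more distinct environment probes is a strong anti-analysis indicator."""
    return len(hits) >= threshold


if __name__ == "__main__":
    hits = match_signatures(SAMPLE_TRACE)
    for name, paths in hits.items():
        print(f"{name}: {paths}")
    print("likely anti-VM:", likely_anti_vm(hits))
```

When triaging a real trace, feed it the registry operations of the sample's process only; system services touch some of these keys legitimately, and the threshold of two distinct probes is a tuning choice, not a fixed rule.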