General
Target: 7613986122.zip
Size: 939KB
Sample: 220617-pvgmeseeb8
MD5: 4c398f4b21267acc368ff0b8f52129b6
SHA1: d4d3ffd343b2458172e12993a897d433e24031d9
SHA256: ed3aaaa4b1c47b61cc05ff85a48a3e439b1a4acd99e87d1c03cd14ce1f3bc098
SHA512: 308ffe8cc3a360974e11503e12c62ec0a57683817621b6c929074d0bd10033454913940cf0b506881c6d17526d00a5c09e0dd4d4851c5fbabacccbc5bf15d415

Static task: static1
Behavioral task: behavioral1
Sample: 54bed834c04ae9d6971b63eab0342bf39cf0c4454c7519cfc6861638ca6090bd.dll
Resource: win7-20220414-en
Malware Config
Extracted
bumblebee
166a
Targets
Target: 54bed834c04ae9d6971b63eab0342bf39cf0c4454c7519cfc6861638ca6090bd
Size: 1.8MB
MD5: 0c96812e195ff482bf9679fe348b3428
SHA1: 7c39f792665a5b0619c97415f1080a10b89d9f80
SHA256: 54bed834c04ae9d6971b63eab0342bf39cf0c4454c7519cfc6861638ca6090bd
SHA512: ac0b32d21d3c2fde8f16ba5080a6992bbd264a62fb31535f971502276114f18d41f2c668cc7f6de00946c1720fd4ea0aa268cb4cf221ba2e22c049f319f8bc39
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-