General
-
Target
7614576119.zip
-
Size
931KB
-
Sample
220617-pvqkbseeb9
-
MD5
12d47d1f5106a73d47c5536b3fde79c3
-
SHA1
187a74f4cd3c1a2dff191b295a027e71b442c6a4
-
SHA256
e42e39d0e543843dcc8b28b05b24b479dc2a047d75be0c0e1a037d135bfe085d
-
SHA512
4b0b71714a53af7225320c0ccd88a243a237bb59868bc4ee3c53bc9aeebe205311c82aeeb1b503bf1733dfc2d0d9dfe4f63bf07729fd36f35904e332ad8a9af0
Static task
static1
Behavioral task
behavioral1
Sample
9266985ca39ce357d011543b618d868065eafa22e0988f64a831a2745337b93c.dll
Resource
win7-20220414-en
Malware Config
Extracted
bumblebee
166
Targets
-
-
Target
9266985ca39ce357d011543b618d868065eafa22e0988f64a831a2745337b93c
-
Size
1.7MB
-
MD5
d5e252ef513f49804ed1867091348af4
-
SHA1
f28b33dcca97748f8c65c5595fa836d6e5d9d374
-
SHA256
9266985ca39ce357d011543b618d868065eafa22e0988f64a831a2745337b93c
-
SHA512
1adcfab752d50e33b04a2760a01500399396031ed8c1bddf4c60715909d81b203e613a8a63033f715bc817768290b1becb494e5db22d4a411a9431d2102f4ec4
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-