General

Target: 8e4fdc6db367e299844c890efda88425da66e7f6247b11e89a0eba7fd7c57588.zip
Size: 3.1MB
Sample: 220618-dzkn4aedbj
MD5: a515d83b2794491048040a28d85fe75d
SHA1: fddb57bedf443d63f57d39e8dc0f07c9c520f8e2
SHA256: 8e4fdc6db367e299844c890efda88425da66e7f6247b11e89a0eba7fd7c57588
SHA512: f684bea03072dfc1c9cfb44ca5c63bbccb0a897d0b4ed59f0fcf4005eaa901d1143aca68b77544e748526a346879ecb0d988469ef3bac6bef7219aa14bc550b7

Static task: static1
Behavioral task: behavioral1
Sample: 8e4fdc6db367e299844c890efda88425da66e7f6247b11e89a0eba7fd7c57588.zip
Resource: win7-20220414-en
Malware Config
Extracted
https://pidipurev.com/a1799.hta
Extracted
https://pidipurev.com/a1799.hta
Extracted
bumblebee
a17
220.111.119.123:476
90.12.112.169:180
146.70.124.116:443
47.27.63.45:115
77.45.24.148:444
11.1.201.27:344
224.200.37.92:481
103.175.16.38:443
188.8.220.88:269
12.202.229.195:440
41.56.181.200:486
173.171.60.50:394
5.152.80.211:121
88.158.143.245:189
57.242.85.233:131
30.205.76.70:490
45.138.172.246:443
213.226.100.95:443
46.44.240.53:361
151.75.118.144:368
124.77.203.104:343
12.115.36.174:276
239.245.67.55:401
102.51.3.25:432
64.131.183.17:402
246.126.195.66:313
185.62.56.181:443
207.159.38.174:412
171.175.237.53:349
53.74.73.76:297
93.61.106.53:231
243.29.153.81:270
175.187.178.6:302
207.185.174.1:240
251.170.118.186:302
183.90.191.234:276
228.27.113.15:219
83.183.152.159:280
85.239.33.172:443
6.249.22.42:129
45.147.229.199:443
202.123.74.131:227
55.119.41.81:187
14.7.69.141:109
184.198.223.201:113
194.123.215.252:114
73.235.164.95:474
Targets

Target: 8e4fdc6db367e299844c890efda88425da66e7f6247b11e89a0eba7fd7c57588.zip
Size: 3.1MB
MD5: a515d83b2794491048040a28d85fe75d
SHA1: fddb57bedf443d63f57d39e8dc0f07c9c520f8e2
SHA256: 8e4fdc6db367e299844c890efda88425da66e7f6247b11e89a0eba7fd7c57588
SHA512: f684bea03072dfc1c9cfb44ca5c63bbccb0a897d0b4ed59f0fcf4005eaa901d1143aca68b77544e748526a346879ecb0d988469ef3bac6bef7219aa14bc550b7
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL