General
Target: nev3erl.bin
Size: 1.5MB
Sample: 220621-xkgtfacgb5
MD5: b2f7a41d9cd91487b53e4c53d5814ead
SHA1: ecde51a37f8f61b4afc7ef5c7ea0c4fd965ca079
SHA256: aa51cae27b9fb466ee5975014e621a7f75babc766d6d5311bfd1be3c6d92c657
SHA512: 447057e4a90b70e93f4600015d5d6b8a141ab641cf9670fe66d9915994bd9e7eff40938703199a7dbfe594c2ee41e7752db65b5ffa5bce7f7e8bb89128441bbe
Static task: static1
Behavioral task: behavioral1
Sample: nev3erl.dll
Resource: win7-20220414-en
Malware Config
Extracted
Family: bumblebee
Botnet: 156r
C2 (47 entries, host:port):
249.241.29.24:181
124.243.81.221:274
142.11.216.143:443
190.123.237.229:261
208.84.180.22:146
103.175.16.106:443
18.8.71.243:176
37.64.220.2:332
100.93.33.185:487
182.62.4.186:282
239.100.121.57:329
228.78.147.191:253
212.234.34.219:148
138.65.77.29:391
55.14.133.44:292
221.238.146.116:272
91.167.137.83:421
66.23.70.38:168
183.37.64.159:220
241.112.226.151:197
253.174.222.210:447
78.90.18.29:383
185.94.100.232:189
208.231.162.191:266
0.42.131.123:144
49.57.156.149:228
103.175.16.107:443
109.108.10.35:386
177.231.94.146:410
78.79.38.95:496
231.169.5.102:403
141.98.168.70:443
45.153.241.234:443
238.42.54.122:171
194.135.33.16:443
26.6.83.53:219
241.54.78.154:269
3.172.226.46:189
203.138.139.122:404
80.241.131.170:311
132.44.27.212:299
146.19.173.105:443
213.115.131.233:186
222.62.166.76:206
127.87.0.227:339
2.190.89.140:236
98.84.87.52:353
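The extracted list mixes addresses that cannot be reachable C2 servers (loopback 127.87.0.227, multicast 239.100.121.57, class E 249.241.29.24, 0.42.131.123 in 0.0.0.0/8, 100.93.33.185 in shared address space) with routable ones on scattered high ports plus a cluster on tcp/443. Blocking or hunting on the raw list would therefore waste effort on decoys, so it should be filtered first. The script below is an added example for this page, not code from the sandbox or the malware: the addresses are copied from the config above, while the bogon table and the choice to verify the tcp/443 entries first are the editor's assumptions rather than anything the report states.

```python
"""Triage the C2 list extracted from the BumbleBee sample above.

Added example for this page, not code from the sandbox or the malware.
The addresses are copied from the extracted config; the bogon table and the
"verify tcp/443 first" heuristic are the editor's assumptions.
"""
import ipaddress
from collections import Counter

# The 47 host:port entries from the extracted config, several per line.
EXTRACTED_C2 = """
249.241.29.24:181 124.243.81.221:274 142.11.216.143:443 190.123.237.229:261 208.84.180.22:146
103.175.16.106:443 18.8.71.243:176 37.64.220.2:332 100.93.33.185:487 182.62.4.186:282
239.100.121.57:329 228.78.147.191:253 212.234.34.219:148 138.65.77.29:391 55.14.133.44:292
221.238.146.116:272 91.167.137.83:421 66.23.70.38:168 183.37.64.159:220 241.112.226.151:197
253.174.222.210:447 78.90.18.29:383 185.94.100.232:189 208.231.162.191:266 0.42.131.123:144
49.57.156.149:228 103.175.16.107:443 109.108.10.35:386 177.231.94.146:410 78.79.38.95:496
231.169.5.102:403 141.98.168.70:443 45.153.241.234:443 238.42.54.122:171 194.135.33.16:443
26.6.83.53:219 241.54.78.154:269 3.172.226.46:189 203.138.139.122:404 80.241.131.170:311
132.44.27.212:299 146.19.173.105:443 213.115.131.233:186 222.62.166.76:206 127.87.0.227:339
2.190.89.140:236 98.84.87.52:353
"""

# Blocks that can never be a reachable public C2: "this network" (0/8),
# RFC 1918, shared address space (RFC 6598), loopback, link-local, IETF
# protocol assignments, documentation ranges, benchmarking, multicast, class E.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4",
)]


def parse_c2_list(text):
    """Return [(ip, port), ...] for every well-formed host:port token in text."""
    entries = []
    for token in text.split():
        host, sep, port = token.rpartition(":")
        if not sep or not port.isdigit():
            continue
        try:
            ipaddress.ip_address(host)
        except ValueError:
            continue  # not a literal IP; this config only carries IPs
        entries.append((host, int(port)))
    return entries


def is_bogon(ip):
    """True if ip falls in a block that cannot host a public C2."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BOGON_NETS)


def triage(entries):
    """Split entries into provable decoys, remaining candidates, and the
    candidates on tcp/443. Treating the 443 cluster as the first thing to
    verify is an assumption about this family, not a rule."""
    decoy = [e for e in entries if is_bogon(e[0])]
    candidates = [e for e in entries if not is_bogon(e[0])]
    port_443 = [e for e in candidates if e[1] == 443]
    return {"decoy": decoy, "candidates": candidates, "port_443": port_443}


def port_histogram(entries):
    """Count ports; a flat spread of random ports beside one 443 cluster is
    itself a sign that the list is padded."""
    return Counter(port for _, port in entries)


if __name__ == "__main__":
    result = triage(parse_c2_list(EXTRACTED_C2))
    print(f"{len(result['decoy'])} decoys (unroutable), "
          f"{len(result['candidates'])} candidates, "
          f"{len(result['port_443'])} on tcp/443")
    for ip, port in result["port_443"]:
        print(f"  verify first: {ip}:{port}")
    print("ports:", port_histogram(result["candidates"]).most_common(3))
```

The bogon table is deliberately explicit rather than relying on `ipaddress.is_global`, whose handling of multicast and shared address space has changed between Python versions. The routable entries on non-443 ports are still only candidates: an address being routable does not make it a live C2, and the report itself shows no traffic to confirm any of them.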
Targets
Target: nev3erl.bin (1.5MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Checks BIOS information in registry. BIOS strings exposed through the registry are often read in order to detect virtualised or sandboxed environments.
- Identifies Wine through registry keys. Wine is a compatibility layer that runs Windows applications on other operating systems and is used by some sandboxes, so its registry keys reveal such an environment.
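The five signatures above all describe the same technique: reading registry keys and values that only exist, or only carry certain strings, inside a VirtualBox guest or under Wine. Reproducing those reads is the quickest way to see what the sample sees in a given analysis VM. The script below is an added example for this page and is neither the sample's code nor the sandbox's; the key paths and marker strings are the locations such checks commonly use (the VBOX__ ACPI tables, the Guest Additions key, the SystemBiosVersion, VideoBiosVersion and SystemManufacturer values, and Software\Wine), and that this sample reads exactly these is an assumption. The check logic is kept separate from the registry reader so the same checks run offline against a constructed dict snapshot and, on a Windows host, against the live registry.

```python
"""Reproduce the registry-based VM and sandbox checks the signatures above name.

Added example for this page; it is neither the sample's code nor the sandbox's.
The key paths and marker strings are the locations such checks commonly use
(VirtualBox ACPI tables, Guest Additions, BIOS strings, Wine); that this
sample reads exactly these is an assumption. The check logic is separated
from the registry reader so the same checks run offline against a dict
snapshot (constructed below) and, on Windows, against the live registry.
"""
import sys

HKLM, HKCU = "HKLM", "HKCU"

# (hive, key path, value name or None for "key exists", substring that
#  must appear in the value or None, label reported on a hit)
CHECKS = [
    (HKLM, r"HARDWARE\ACPI\DSDT\VBOX__", None, None, "VirtualBox ACPI DSDT"),
    (HKLM, r"HARDWARE\ACPI\FADT\VBOX__", None, None, "VirtualBox ACPI FADT"),
    (HKLM, r"HARDWARE\ACPI\RSDT\VBOX__", None, None, "VirtualBox ACPI RSDT"),
    (HKLM, r"SOFTWARE\Oracle\VirtualBox Guest Additions", None, None, "VirtualBox Guest Additions"),
    (HKLM, r"HARDWARE\DESCRIPTION\System", "SystemBiosVersion", "VBOX", "VirtualBox system BIOS"),
    (HKLM, r"HARDWARE\DESCRIPTION\System", "VideoBiosVersion", "VIRTUALBOX", "VirtualBox video BIOS"),
    (HKLM, r"HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer", "innotek", "VirtualBox SMBIOS vendor"),
    (HKCU, r"Software\Wine", None, None, "Wine (HKCU)"),
    (HKLM, r"Software\Wine", None, None, "Wine (HKLM)"),
]


def run_checks(read):
    """Evaluate CHECKS with a reader read(hive, path, name) that returns None
    when the key or value is absent, True for a bare key-exists query, or the
    value (REG_MULTI_SZ comes back as a list; str() covers both cases)."""
    hits = []
    for hive, path, name, needle, label in CHECKS:
        value = read(hive, path, name)
        if value is None:
            continue
        if needle is None or needle.lower() in str(value).lower():
            hits.append(label)
    return hits


def dict_reader(snapshot):
    """Reader over {(hive, path): {name: value}}; registry paths and value
    names are case-insensitive, so everything is compared lowercased."""
    keys = {(h, p.lower()): {n.lower(): v for n, v in vals.items()}
            for (h, p), vals in snapshot.items()}

    def read(hive, path, name):
        values = keys.get((hive, path.lower()))
        if values is None:
            return None
        return True if name is None else values.get(name.lower())
    return read


def winreg_reader():
    """Reader over the live registry (Windows only)."""
    import winreg
    roots = {HKLM: winreg.HKEY_LOCAL_MACHINE, HKCU: winreg.HKEY_CURRENT_USER}

    def read(hive, path, name):
        try:
            with winreg.OpenKey(roots[hive], path) as key:
                if name is None:
                    return True
                value, _ = winreg.QueryValueEx(key, name)
                return value
        except OSError:  # key or value missing, or access denied
            return None
    return read


# Constructed snapshots: a stock VirtualBox guest and a physical laptop.
VBOX_GUEST = {
    (HKLM, r"HARDWARE\ACPI\DSDT\VBOX__"): {},
    (HKLM, r"HARDWARE\DESCRIPTION\System"): {
        "SystemBiosVersion": ["VBOX   - 1"],
        "VideoBiosVersion": ["Oracle VM VirtualBox Version 6.1.34"]},
    (HKLM, r"HARDWARE\DESCRIPTION\System\BIOS"): {"SystemManufacturer": "innotek GmbH"},
    (HKLM, r"SOFTWARE\Oracle\VirtualBox Guest Additions"): {"Version": "6.1.34"},
}
BARE_METAL = {
    (HKLM, r"HARDWARE\DESCRIPTION\System"): {
        "SystemBiosVersion": ["LENOVO - 1"], "VideoBiosVersion": ["Hardware Version 0.0"]},
    (HKLM, r"HARDWARE\DESCRIPTION\System\BIOS"): {"SystemManufacturer": "LENOVO"},
}

if __name__ == "__main__":
    read = winreg_reader() if sys.platform == "win32" else dict_reader(VBOX_GUEST)
    hits = run_checks(read)
    print("sandbox/VM indicators visible to the sample:", hits or "none")
```

Run it inside the analysis VM before detonating: every label it prints is an artefact the sample can use to decide not to run, and the BIOS and SMBIOS strings in particular are the ones a stock guest leaks even after the Guest Additions key and ACPI table names have been renamed. The report does not say whether this sample acted on its checks, only that it performed them.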