General
Target: 7623716124.zip
Size: 972KB
Sample: 220622-ycs26sacdq
MD5: 93244cc5e2a69424f27db4d0c9b06bcd
SHA1: 1b40e934d62ef88c6042dd2e03c2b252fa4744a9
SHA256: 4e90b249483d98c4d895b9cef2a2767922a0957278db76fc484ee91d15f30fbe
SHA512: 1f8feb146cbe75e1b8c0a5be67938f9f98116b9788339bceacfc839da5caa8b64463fd021ae78df9f9678f7b9a0898d9a63b30f9844ea67934dc9abe7b0b93d3
Static task: static1
Behavioral task: behavioral1
Sample: be2092d9df8d3dbd6e1f0ca9a9abaf89bd8b8427dd94d7856ae5097679febcf6.dll
Resource: win7-20220414-en
Malware Config
Extracted
bumblebee
226a
Targets
Target: be2092d9df8d3dbd6e1f0ca9a9abaf89bd8b8427dd94d7856ae5097679febcf6
Size: 1.7MB
MD5: fdc7aae738ee93bfbcc3aabebe393084
SHA1: 16c3bb5c965f806d2d913e09a5ddc137746c9f3a
SHA256: be2092d9df8d3dbd6e1f0ca9a9abaf89bd8b8427dd94d7856ae5097679febcf6
SHA512: 7ceeac8fe9841397ec7dc6a6550fb9688a547fcd568299dac9807fb64c4b73bedeebad2acf35acf9a98db025f309e5b3dfe85703712642a035f22d16e15a4bfe
Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VirtualBox Guest Additions in registry

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.