General
Target: file.dll
Size: 1.3MB
Sample: 220624-2vvkhaaga3
MD5: 18aca7481b515ac30a6e2122fcc02a28
SHA1: 6ba63d95420b58e8a98d886159afe4ec529d08b9
SHA256: 0301a8c454da987b5ef35e0b2242903b809e2bec76d495d172c3824d4e396c61
SHA512: 7110d6887c53c314ad7e41fbed6ee0167fc97694fa74fa39879a563648bfec6c756103d9ce1410a2f3150d461f582a805d0610dad1fa5929f40451caa350ac1c
Static task: static1
Behavioral task: behavioral1
Sample: file.dll
Resource: win7-20220414-en
Malware Config
Extracted
bumblebee
246a
Targets
Target: file.dll
Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VirtualBox Guest Additions in registry

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.