General
-
Target
projectr.dll
-
Size
1.8MB
-
Sample
220624-lpbx7secb7
-
MD5
546d975e638d044bc23c7f1bf4122d26
-
SHA1
2efd0d398b648d5c70db7d15b1893eb19519ae74
-
SHA256
287055194e83ab2a8d91ef4d187de57345c19018cf3a85024c4fd20c64ad689e
-
SHA512
7e4709e4dd18965966466334870488b4469e9920c5ae5bbc8bbd2249d2071744ba9c3d169be5d1d9280555465fc8659df4e7059a67f5ceca7f76dc8aa388a610
Malware Config
Extracted
bumblebee
236a
146.19.173.191:443
205.218.26.106:335
133.228.15.13:127
60.3.192.137:146
146.70.124.97:443
40.178.16.145:137
216.149.130.58:162
121.214.140.226:358
54.200.237.168:311
85.217.238.89:286
23.82.141.11:443
135.49.247.231:357
105.99.153.173:436
226.179.144.85:474
115.177.167.79:268
23.29.115.172:443
242.165.229.167:492
238.78.243.167:401
28.192.253.108:405
82.217.32.8:253
Targets
-
-
Target
projectr.dll
-
Size
1.8MB
-
MD5
546d975e638d044bc23c7f1bf4122d26
-
SHA1
2efd0d398b648d5c70db7d15b1893eb19519ae74
-
SHA256
287055194e83ab2a8d91ef4d187de57345c19018cf3a85024c4fd20c64ad689e
-
SHA512
7e4709e4dd18965966466334870488b4469e9920c5ae5bbc8bbd2249d2071744ba9c3d169be5d1d9280555465fc8659df4e7059a67f5ceca7f76dc8aa388a610
Score10/10-
BumbleBee
BumbleBee is a webshell malware written in C++.
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-