General
-
Target
78c5d780b2ca553cbd3fb0140813e0e1fb7c48491090df605f03c309d0086baf.7z
-
Size
888KB
-
Sample
220625-1ffblafab8
-
MD5
30b8ce14f25d91ce395d63ab2d0492c4
-
SHA1
e2304aedc60eb4fc542be8a9ed21a5e18a50ef69
-
SHA256
c23d3e1959f0ec87196cd71b426d25dd703256f6e93fdf90f19256660bc630c3
-
SHA512
7104b016fac3a4f054948d47d6e67f268728ef95965facd33fb0d9a3c71ec719cc1e5d4fbb3cd9b9f6722358c46516a5e2a974ddaf3e8d78c66f9e8b16b9016d
Static task
static1
Behavioral task
behavioral1
Sample
78c5d780b2ca553cbd3fb0140813e0e1fb7c48491090df605f03c309d0086baf.dll
Resource
win7-20220414-en
Malware Config
Extracted
bumblebee
1406r
Targets
-
-
Target
78c5d780b2ca553cbd3fb0140813e0e1fb7c48491090df605f03c309d0086baf.exe
-
Size
1.7MB
-
MD5
fab844f64a60f24b27097d3b7b93cc11
-
SHA1
668e08011689b809bc231a6bc31ddd6ea576942d
-
SHA256
78c5d780b2ca553cbd3fb0140813e0e1fb7c48491090df605f03c309d0086baf
-
SHA512
c9a23c502462438a9d3ba14036d332d51074a838d28968e48fa2711b9d53897b052efe6787576bfd4e4ccb8e43e5e13fd9fa7feb46e915a7d8c79060e8d38a1e
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-