General
Target: 7635416121.zip
Size: 870KB
Sample: 220627-x5b4paegc6
MD5: fceb3db4cb285b0aed1595d581a5ccd0
SHA1: 7b596ab997b530edb85b7017bb4d82bd5176c5fe
SHA256: 13a9cd2c532831e30d652104de92af1ea3b84754471217d0b736a30c72921b8f
SHA512: 3b390188a72b83f83a8c54890f58cad4b064197d7eb1ed7e1a71b1bc615620b5e90f6b7b2a76242dabe42e0a6391923d243019364ff89f123529ae14a447cc89
Static task: static1
Behavioral task: behavioral1
Sample: 037ae9d6d426d941891dd738f8bc499c93a5429efcfa261ef2755aed550d2d7c.dll
Resource: win7-20220414-en
Malware Config
Extracted
bumblebee
246a
Targets
Target: 037ae9d6d426d941891dd738f8bc499c93a5429efcfa261ef2755aed550d2d7c
Size: 1.3MB
MD5: e0f372f1c60780342de156d1255402bc
SHA1: 3f8b9792bd430ee579d798fa5ab6b5854d22b2ab
SHA256: 037ae9d6d426d941891dd738f8bc499c93a5429efcfa261ef2755aed550d2d7c
SHA512: abb3789e02e66d169439252aaeeade8eaea1ec1e7955a2b3fe929bed525ca1d43e7c44f8a59f3c4388cffd68f04950861c23d325b964c72d3227fa5e7bb0f188

Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VirtualBox Guest Additions in registry

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.