General
-
Target
7660476120.zip
-
Size
872KB
-
Sample
220627-xsjb8sefg5
-
MD5
dfbbc26db2e2e17ec72db38a29b9cf0f
-
SHA1
aa6aa3db2b4910e42dfbd34c7f5fd4736eef80ec
-
SHA256
7ec8b6ce6f1381c436d7d93153dd47c5ccf92c90792be0c2a07c119e7a7d087e
-
SHA512
e600f238fc9b940a94cb94effd89f55b8cb2641b9f7a3f73edc486872592dcbf1125d95307ffc9d7036da8242a89acff1f263a2afd5993ded8308a114257d0cd
Static task
static1
Behavioral task
behavioral1
Sample
73a31d3ce275e2ac8acfe570a47710ed119e92e6b1860647030d65863145138a.dll
Resource
win7-20220414-en
Malware Config
Extracted
bumblebee
276a
Targets
-
-
Target
73a31d3ce275e2ac8acfe570a47710ed119e92e6b1860647030d65863145138a
-
Size
1.4MB
-
MD5
5815bcacea7fda37e5e36a2b7c14be34
-
SHA1
b85a94538708a3cd2e3cd04d5b7c3ba1b18e1f71
-
SHA256
73a31d3ce275e2ac8acfe570a47710ed119e92e6b1860647030d65863145138a
-
SHA512
06b89d7673e39e2f7f63dd3b3706a9093227da581ce6db4a4da0d53650656952e0ff2387917c83f51df1f4921d5c53193fc4f0ae8d411de95893917cf9f0dab6
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-