General
Target: sec.dll
Size: 1.7MB
Sample: 220628-2v2zkschgl
MD5: a30bf883c38b54c3b22a2f8ccfb1bd8a
SHA1: 9a5ec009753040c5214b864d9d271901eb4542ac
SHA256: 95a6114c8b9879ebc9a0142fcd46d41dd428380a27d5b396a232f42e4a505fb2
SHA512: 64d3f30c8564e4eedecd7f3f8c3b1eafaa3d781fb5bef39825ea1b8fdd1f39c38ac477f08a7a147fcb2f404c32ded7ae841b5bb443070945e1aa60668838ed58
Static task: static1
Behavioral task: behavioral1
Sample: sec.dll
Resource: win7-20220414-en
Malware Config
Extracted
bumblebee
286a
Targets
Target: sec.dll
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.