General
-
Target
7629756163.zip
-
Size
900KB
-
Sample
220628-ydsg2abhfk
-
MD5
a5dad3183b4d215025a1ef2531cbd866
-
SHA1
f804f9d9a19ec59fb213eecc1b49b1c0d6044a18
-
SHA256
5e159f2a59dde43cd8ed433caec99b3cb13bcf762d5ec8dac6242c6fbf5936ea
-
SHA512
ae388acd969e19bc7ebb3fe9b6a8d30c61bf086d38828d72393f053c782fe582837e216b62df947b9b6559c8f3d5adcda6ee5c9522905bd979c14c4ef61f67e0
Static task
static1
Behavioral task
behavioral1
Sample
d4884f6b83fef3545c2f884ac137d3e61220a4f79715f0b26a59c6391cee2daa.dll
Resource
win7-20220414-en
Malware Config
Extracted
bumblebee
236a
Targets
-
-
Target
d4884f6b83fef3545c2f884ac137d3e61220a4f79715f0b26a59c6391cee2daa
-
Size
1.8MB
-
MD5
37a9209bf12ad28131c5ea44c7c01d4a
-
SHA1
6346f7020e77ecf1c3484b00515a32ae0ff6e0c1
-
SHA256
d4884f6b83fef3545c2f884ac137d3e61220a4f79715f0b26a59c6391cee2daa
-
SHA512
85adb437fe39756d96182378325763226ef8ba97fe57f9072398992ca186d8b7829c90e0178b7ae8995cd7b952450801b43a76a117fec623cc58149f184b938b
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-