General
Target: 7613476186.zip
Size: 956KB
Sample: 220628-yhzrxadge6
MD5: 59761f64c7fd780ecd88d6d42d202304
SHA1: 80cf7a8d7fa81a3bd38aa08e7bf8d02bc5e6408e
SHA256: 4633d69edc7b5071d83d6d186abbb4cf68c475731a0c070d2f66d7e31b861bd8
SHA512: a546b57d2b7a81ae47f3c80385acec7c06c1655d62fc727de4759fbb964d7d7ad5fa1ca81f9b09e905ed66a18fd92b8a8a82129cde1003ecd26d8a6d017c4ce2
Static task: static1
Behavioral task: behavioral1
Sample: b0df5ebbe715a93804e3313338175ee9d6d4282ae66ab595d00dcfab75adb710.dll
Resource: win7-20220414-en
Malware Config
Extracted
bumblebee
286a
Targets
Target: b0df5ebbe715a93804e3313338175ee9d6d4282ae66ab595d00dcfab75adb710
Size: 1.7MB
MD5: b70fddecccb484de9bd858ef9d5b4e29
SHA1: 8402ae5159d6e507ab0131a865a3181698914156
SHA256: b0df5ebbe715a93804e3313338175ee9d6d4282ae66ab595d00dcfab75adb710
SHA512: 24958dde755fd76a67f0b57187d4f45748eeececf0e2fd3a0e85865749b49439a8bb48150f78d838343b7348bc7450dc25ec75ddeb4a5b06130f691105e932eb

Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VirtualBox Guest Additions in registry

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.