Extracted

• • Target

    d04578d91b1921355bfa4ba691a6f91b6e896a84efd33b389451488c56be63b7

  • Size

    1.5MB

  • MD5

    2edde858ea2eefa639ea23a7d63e5fa9

  • SHA1

    448d8434c7b7265aa4fe2004d9a83add9583ee6b

  • SHA256

    d04578d91b1921355bfa4ba691a6f91b6e896a84efd33b389451488c56be63b7

  • SHA512

    ace5e65085ac71e7b06a5065d8f5df881f69ee7bdcc62b9c829487dbd76c951e831bccbc93fbb4e7559b7b62f52d7a01ded4ee13327012b2006215ac1ddb9213

  Score

  10^/10

  bumblebee296aevasiontrojan

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee

  • Enumerates VirtualBox registry keys

    evasion

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtCreateThreadExHideFromDebugger

  behavioral1behavioral2