General
-
Target
d04578d91b1921355bfa4ba691a6f91b6e896a84efd33b389451488c56be63b7
-
Size
1.5MB
-
Sample
220630-e9dh7sfhbp
-
MD5
2edde858ea2eefa639ea23a7d63e5fa9
-
SHA1
448d8434c7b7265aa4fe2004d9a83add9583ee6b
-
SHA256
d04578d91b1921355bfa4ba691a6f91b6e896a84efd33b389451488c56be63b7
-
SHA512
ace5e65085ac71e7b06a5065d8f5df881f69ee7bdcc62b9c829487dbd76c951e831bccbc93fbb4e7559b7b62f52d7a01ded4ee13327012b2006215ac1ddb9213
Malware Config
Extracted
bumblebee
296a
218.17.34.195:107
108.62.118.145:443
195.193.46.112:234
224.8.125.117:383
174.230.203.32:222
159.248.111.91:306
195.86.112.33:266
140.112.120.134:115
222.137.120.137:146
56.248.40.53:437
83.249.212.150:127
2.100.7.120:332
134.76.108.38:304
61.213.140.44:487
174.58.214.252:228
229.192.93.82:321
40.47.149.113:157
95.46.196.232:438
77.180.42.62:122
42.104.196.184:489
Targets
-
-
Target
d04578d91b1921355bfa4ba691a6f91b6e896a84efd33b389451488c56be63b7
-
Size
1.5MB
-
MD5
2edde858ea2eefa639ea23a7d63e5fa9
-
SHA1
448d8434c7b7265aa4fe2004d9a83add9583ee6b
-
SHA256
d04578d91b1921355bfa4ba691a6f91b6e896a84efd33b389451488c56be63b7
-
SHA512
ace5e65085ac71e7b06a5065d8f5df881f69ee7bdcc62b9c829487dbd76c951e831bccbc93fbb4e7559b7b62f52d7a01ded4ee13327012b2006215ac1ddb9213
Score10/10-
BumbleBee
BumbleBee is a webshell malware written in C++.
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-