General
- Target: document.dll
- Size: 1.4MB
- Sample: 220630-sahkrscaap
- MD5: e50e41bf9a093738ee06b5955db11ca2
- SHA1: ac2d1d81c7e1e3f242a0cbd3b552cdf5a6ac075f
- SHA256: a3c7ed64da6b0a3929ffb607d2ca9216ddd99e591b1c3dc911605631cc378fe9
- SHA512: 2c22fa61fe8a7d66a0a5a7fc428ffe264db028a749b29c77529c74927c4e4d81813039f7f8f3ae706300683dc5fc724bc4a9a5e4eb3cf1fe922ebf00606b3449
Static task: static1
Behavioral task: behavioral1
- Sample: document.dll
- Resource: win7-20220414-en
Malware Config
Extracted
bumblebee
306f
76.148.239.59:345
164.137.75.183:397
196.230.60.243:288
28.200.131.233:351
156.139.67.244:461
209.141.46.50:443
146.19.173.155:443
60.18.14.24:308
156.26.157.68:310
206.63.122.98:179
255.23.50.218:274
124.177.4.180:404
82.209.238.26:336
122.142.229.194:311
27.183.95.15:443
126.52.147.11:276
104.35.182.83:440
14.58.138.89:277
21.184.24.214:475
214.61.246.124:182
55.239.194.22:458
11.142.8.123:297
157.11.10.77:129
140.79.136.23:147
47.209.156.101:417
131.102.103.204:138
4.29.179.92:265
49.123.106.15:399
54.38.138.94:443
129.165.47.226:302
236.253.143.84:232
92.186.104.219:154
219.84.155.4:378
198.97.148.29:361
10.73.149.20:375
43.102.237.35:136
53.194.157.74:460
77.231.147.46:368
124.117.76.239:105
250.46.229.65:450
215.28.61.251:399
33.168.63.212:478
95.127.117.7:193
101.221.31.35:313
62.74.188.164:351
72.248.78.18:220
213.14.174.95:294
220.82.79.187:330
41.245.112.154:136
81.48.102.166:133
118.248.244.146:225
88.23.154.106:219
234.161.108.154:261
Targets
- Target: document.dll
- Size: 1.4MB
- MD5: e50e41bf9a093738ee06b5955db11ca2
- SHA1: ac2d1d81c7e1e3f242a0cbd3b552cdf5a6ac075f
- SHA256: a3c7ed64da6b0a3929ffb607d2ca9216ddd99e591b1c3dc911605631cc378fe9
- SHA512: 2c22fa61fe8a7d66a0a5a7fc428ffe264db028a749b29c77529c74927c4e4d81813039f7f8f3ae706300683dc5fc724bc4a9a5e4eb3cf1fe922ebf00606b3449
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtCreateThreadExHideFromDebugger