General
Target: document.dll
Size: 1.4MB
Sample: 220703-trclhsach3
MD5: 75052460162c6183646c2471656325e5
SHA1: 0db5117a473a73e328557f5820eac40e7a154edc
SHA256: ea8e3b006b33d1a850a24ace898bef873902cbbd8911305f63ebd3cdeb4aff36
SHA512: a53795f21bd273a5b2ccd2edf047f546352ff7cb9413a6044d3752c4b83ecbab8e53da45449e24d5cfa08319d70eb2beae82026d767b4eb336f4cb474db60724
Static task: static1
Behavioral task: behavioral1
Sample: document.dll
Resource: win7-20220414-en
Malware Config
Extracted: bumblebee / 306f
C2:
76.148.239.59:345
164.137.75.183:397
196.230.60.243:288
28.200.131.233:351
156.139.67.244:461
209.141.46.50:443
146.19.173.155:443
60.18.14.24:308
156.26.157.68:310
206.63.122.98:179
255.23.50.218:274
124.177.4.180:404
82.209.238.26:336
122.142.229.194:311
27.183.95.15:443
126.52.147.11:276
104.35.182.83:440
14.58.138.89:277
21.184.24.214:475
214.61.246.124:182
55.239.194.22:458
11.142.8.123:297
157.11.10.77:129
140.79.136.23:147
47.209.156.101:417
131.102.103.204:138
4.29.179.92:265
49.123.106.15:399
54.38.138.94:443
129.165.47.226:302
236.253.143.84:232
92.186.104.219:154
219.84.155.4:378
198.97.148.29:361
10.73.149.20:375
43.102.237.35:136
53.194.157.74:460
77.231.147.46:368
124.117.76.239:105
250.46.229.65:450
215.28.61.251:399
33.168.63.212:478
95.127.117.7:193
101.221.31.35:313
62.74.188.164:351
72.248.78.18:220
213.14.174.95:294
220.82.79.187:330
41.245.112.154:136
81.48.102.166:133
118.248.244.146:225
88.23.154.106:219
234.161.108.154:261
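A caveat before this list is used operationally: it mixes publicly routable hosts with addresses in private (10.0.0.0/8), multicast (224.0.0.0/4) and reserved (240.0.0.0/4) space, which cannot be live C2 servers. Bumblebee configurations are known to carry such decoy entries next to the real ones, so the extracted list should be filtered before it goes into a blocklist or a hunting query. The script below is an added example, not part of the report or of any Tria.ge tooling; it takes the C2 entries exactly as printed above, validates each one, drops the non-routable addresses and tallies ports, which is the check an analyst would run on any extracted config. The function and variable names are this example's own.

```python
import ipaddress
from collections import Counter

# C2 entries copied verbatim from the extracted Bumblebee configuration above.
C2_ENTRIES = """
76.148.239.59:345 164.137.75.183:397 196.230.60.243:288 28.200.131.233:351
156.139.67.244:461 209.141.46.50:443 146.19.173.155:443 60.18.14.24:308
156.26.157.68:310 206.63.122.98:179 255.23.50.218:274 124.177.4.180:404
82.209.238.26:336 122.142.229.194:311 27.183.95.15:443 126.52.147.11:276
104.35.182.83:440 14.58.138.89:277 21.184.24.214:475 214.61.246.124:182
55.239.194.22:458 11.142.8.123:297 157.11.10.77:129 140.79.136.23:147
47.209.156.101:417 131.102.103.204:138 4.29.179.92:265 49.123.106.15:399
54.38.138.94:443 129.165.47.226:302 236.253.143.84:232 92.186.104.219:154
219.84.155.4:378 198.97.148.29:361 10.73.149.20:375 43.102.237.35:136
53.194.157.74:460 77.231.147.46:368 124.117.76.239:105 250.46.229.65:450
215.28.61.251:399 33.168.63.212:478 95.127.117.7:193 101.221.31.35:313
62.74.188.164:351 72.248.78.18:220 213.14.174.95:294 220.82.79.187:330
41.245.112.154:136 81.48.102.166:133 118.248.244.146:225 88.23.154.106:219
234.161.108.154:261
""".split()

# RFC 6598 shared address space; older Python versions do not count it as private.
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def is_routable(host):
    """True only for addresses that can exist on the public Internet.

    The individual flags are checked explicitly rather than relying on
    ip_address().is_global, whose definition changed between Python releases.
    """
    a = ipaddress.ip_address(host)
    return not (a.is_private or a.is_loopback or a.is_link_local
                or a.is_multicast or a.is_reserved or a.is_unspecified
                or a in CGNAT)


def parse_entry(entry):
    """Split 'ip:port' into (host, port), raising ValueError on malformed input."""
    host, sep, port = entry.rpartition(":")
    if not sep:
        raise ValueError("missing port: %r" % entry)
    port = int(port)
    if not 1 <= port <= 65535:
        raise ValueError("bad port: %r" % entry)
    ipaddress.ip_address(host)  # raises ValueError on a malformed address
    return host, port


def triage(entries):
    """Partition entries into (routable, bogon) lists of (host, port) tuples."""
    routable, bogon = [], []
    for entry in entries:
        host, port = parse_entry(entry)
        (routable if is_routable(host) else bogon).append((host, port))
    return routable, bogon


def port_histogram(pairs):
    """Count ports; in this config the repeated port is 443."""
    return Counter(port for _, port in pairs)


def blocklist(entries):
    """Routable entries only, de-duplicated, as 'ip:port' strings for a feed."""
    routable, _ = triage(entries)
    return sorted({"%s:%d" % (h, p) for h, p in routable})


if __name__ == "__main__":
    routable, bogon = triage(C2_ENTRIES)
    print("%d routable, %d bogon entries" % (len(routable), len(bogon)))
    for host, port in bogon:
        print("  drop %s:%d" % (host, port))
    print("most common ports:", port_histogram(routable).most_common(5))
```

Run against the list above, the filter drops five entries (10.73.149.20, 255.23.50.218, 250.46.229.65, 236.253.143.84, 234.161.108.154) and leaves 48; only four of the survivors use port 443. Whether the remaining entries are real or decoys is not something the report establishes, so treat the filtered list as input to further vetting rather than as a finished indicator set.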
Targets
Target: document.dll (1.4MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
Enumerates VirtualBox registry keys
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Looks for VirtualBox Guest Additions in registry
Checks BIOS information in registry
BIOS vendor and version strings exposed through the registry name the hypervisor on a virtual machine, so reading them is a common way to detect sandboxing environments.
Identifies Wine through registry keys
Wine is a compatibility layer that runs Windows applications on other operating systems; some sandboxes are built on it, so Wine-specific registry keys indicate an analysis environment.
Suspicious use of NtCreateThreadExHideFromDebugger
Creating a thread with the hide-from-debugger flag (THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER) suppresses debug events for that thread, hiding its activity from an attached debugger.
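The signatures above each correspond to a handful of registry reads, plus one thread-creation flag. As an added example (not from the report, and not Tria.ge's detection code), the script below applies equivalent rules to a constructed sandbox trace: each line is an API name followed by the registry path or arguments it used. The trace is made up and the registry paths are the well-known ones these checks read; the report does not say which exact keys this sample queried. The same rule set is useful in the other direction too, for confirming that a hardened analysis VM no longer exposes these artifacts.

```python
import re

# Constructed trace lines (not from this report): "<API> <registry path or args>".
TRACE = [
    r"RegOpenKeyExW HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"RegOpenKeyExW HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions",
    r"RegOpenKeyExW HKLM\SYSTEM\CurrentControlSet\Services\VBoxGuest",
    r"RegOpenKeyExW HKCU\Software\Wine",
    r"NtCreateThreadEx CreateFlags=0x4",
    r"RegOpenKeyExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run",  # benign control line
]

# Signature names as they appear in the report, each paired with a pattern over
# the registry path. The paths are the usual ones for these checks (assumed).
REGISTRY_RULES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX", re.I)),
    ("Checks BIOS information in registry",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(System|Video)BiosVersion", re.I)),
    ("Looks for VirtualBox Guest Additions in registry",
     re.compile(r"\\Oracle\\VirtualBox Guest Additions", re.I)),
    ("Enumerates VirtualBox registry keys",
     re.compile(r"\\Services\\VBox(Guest|Mouse|Service|SF|Video)", re.I)),
    ("Identifies Wine through registry keys",
     re.compile(r"\\Software\\Wine\b", re.I)),
]

# ntdll thread-creation flag that keeps the new thread from raising debug events.
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4
FLAGS_RE = re.compile(r"CreateFlags=0x([0-9a-fA-F]+)")
THREAD_SIGNATURE = "Suspicious use of NtCreateThreadExHideFromDebugger"


def classify(line):
    """Return the signature names that a single trace line triggers."""
    hits = [name for name, rx in REGISTRY_RULES if rx.search(line)]
    if line.startswith("NtCreateThreadEx"):
        m = FLAGS_RE.search(line)
        # Test the bit rather than the whole value: other flags may be OR'd in.
        if m and int(m.group(1), 16) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER:
            hits.append(THREAD_SIGNATURE)
    return hits


def summarize(trace):
    """Map each fired signature to the trace lines that fired it."""
    fired = {}
    for line in trace:
        for name in classify(line):
            fired.setdefault(name, []).append(line)
    return fired


if __name__ == "__main__":
    for name, lines in summarize(TRACE).items():
        print(name)
        for line in lines:
            print("    " + line)
```

On the constructed trace all six signatures fire, one line each, and the Run-key line fires nothing; a thread created with CreateFlags=0x0 is likewise ignored, while 0x5 (the hide flag combined with another bit) still triggers the anti-debug rule.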