General
-
Target
7667376164.zip
-
Size
942KB
-
Sample
220707-17hwssgbd7
-
MD5
aa15e6ec4763d33581e90d9a7ad232f6
-
SHA1
1f5eec293ac479922da60670af0a7daec93753f9
-
SHA256
abc1ccc9cf577125f966ca2c9a5703342aac76d9d5537be738358233f9cb0b34
-
SHA512
7743a0cc890e0e606204fd3a9a890ffda82ce100884b42ad14554a9910d9e4b950cf2d8a036eb746550e3f22a75a10110404bbe1d00695d198bb0d6345c12d26
Static task
static1
Behavioral task
behavioral1
Sample
be3d108ee20b50bb8d488850a564ad24768a855fac4d80c0d3cbd10a36367d50.dll
Resource
win7-20220414-en
Malware Config
Extracted
bumblebee
707a
Targets
-
-
Target
be3d108ee20b50bb8d488850a564ad24768a855fac4d80c0d3cbd10a36367d50
-
Size
2.0MB
-
MD5
6bb5f98496ee5e24c71fc8357e83c81a
-
SHA1
93f3ad3b39f739c4fd47f7d8ed7a7afd308ed59f
-
SHA256
be3d108ee20b50bb8d488850a564ad24768a855fac4d80c0d3cbd10a36367d50
-
SHA512
d09f98d8fcd92dfccc6e902d973c753a54608f82cfadcaf68aa7f1a46cb48d235af8345acf7f01e897b907d9f2cf240292e46576aa5d2563868dc6376eb3bb60
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-