General
-
Target
ae55a2fd04b046681718c4c0c527faaa4f951980cd8d619ab512a98a32d61c85
-
Size
2.0MB
-
Sample
220708-mvrraadhd4
-
MD5
b38e751e7101c3cc163c6fd77fda959f
-
SHA1
ef125f6a233f7036157d38a02ad09de8226adc13
-
SHA256
ae55a2fd04b046681718c4c0c527faaa4f951980cd8d619ab512a98a32d61c85
-
SHA512
8c0d7434419e07d27d772239ae2c32bd95ad57979e10a8bd7808f1f21215b42ff9497c430127a8b3ec77f9544f9a11a078c1af45776fea1d69775625928c0819
Malware Config
Extracted
bumblebee
707a
172.240.175.194:183
171.85.135.192:358
223.7.203.157:407
45.153.242.183:443
211.68.220.197:102
174.119.130.65:369
202.41.22.30:314
58.10.113.168:308
12.33.69.160:285
205.185.123.137:443
112.188.178.13:332
168.205.228.104:480
83.218.135.147:151
228.175.209.140:269
240.114.36.128:411
8.109.227.172:304
142.11.245.185:443
214.233.117.120:167
198.135.200.7:254
73.74.56.146:272
Targets
-
-
Target
ae55a2fd04b046681718c4c0c527faaa4f951980cd8d619ab512a98a32d61c85
-
Size
2.0MB
-
MD5
b38e751e7101c3cc163c6fd77fda959f
-
SHA1
ef125f6a233f7036157d38a02ad09de8226adc13
-
SHA256
ae55a2fd04b046681718c4c0c527faaa4f951980cd8d619ab512a98a32d61c85
-
SHA512
8c0d7434419e07d27d772239ae2c32bd95ad57979e10a8bd7808f1f21215b42ff9497c430127a8b3ec77f9544f9a11a078c1af45776fea1d69775625928c0819
Score10/10-
BumbleBee
BumbleBee is a webshell malware written in C++.
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-