Extracted

• • Target

    svchost.dll

  • Size

    2.6MB

  • MD5

    1e561bf546eef5bb80e25ae25720199b

  • SHA1

    2b182d08aeb6a4740c543e7e4b0c85034e89953c

  • SHA256

    5bda2ccd3e92981caa7e60e21efa4fb96b6d1f3657361232e4958d900d816d6a

  • SHA512

    3299b2b5436d2e01736a73a03654d4620bd533cb2695c8b9abe4a60cbd42f0155d8f11cb7d3e636b9c5a5caae993db04070f9f828b50e1c9f137760f1f82d255

  • SSDEEP

    49152:/TJbbKekSCr84UEzgNkj+jec62ErgavWUNjEVC82KfVAbP:/TZbKekSCr8FlI+jP67E/UNIVC82qeP

  Score

  10^/10

  bumblebee25htmlevasiontrojan

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee

  • Enumerates VirtualBox registry keys

    evasion

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  behavioral1behavioral2