General
-
Target
timi4r.dll
-
Size
1.7MB
-
Sample
220829-vk48macdam
-
MD5
6b57fa501321b2ac4f67643f3efc389f
-
SHA1
a4654130534ad4644da52f758b35de784c01913d
-
SHA256
76e4742d9e7f4fd3a74a98c006dfdce23c2f9434e48809d62772acff169c3549
-
SHA512
ccbac2fe07f5490226cbd05314af4c93557aca8fd2ea943a1f75cdd6fa94aff94533ab0ef2ad00ca1be9cc4623e4b8025fe56fadf348d8bf8fe2a312b3e34ea6
-
SSDEEP
24576:FlfKjRXMDFHC/bemHc+X2eiE3WwDFecqDR9:F9+RUHCjem8+GeCwDFecqDR9
Malware Config
Extracted
bumblebee
1406r
39.57.152.217:440
69.161.201.181:382
244.6.154.71:111
193.233.203.156:443
221.106.84.123:307
194.135.33.148:443
111.99.39.11:387
223.243.46.133:147
48.165.175.199:316
78.89.31.86:229
157.17.142.85:406
90.81.8.16:370
21.29.238.98:209
154.56.0.252:443
103.175.16.108:443
188.57.4.52:357
15.209.19.148:466
160.70.24.228:486
33.145.184.132:240
235.126.132.170:106
Targets
-
-
Target
timi4r.dll
-
Size
1.7MB
-
MD5
6b57fa501321b2ac4f67643f3efc389f
-
SHA1
a4654130534ad4644da52f758b35de784c01913d
-
SHA256
76e4742d9e7f4fd3a74a98c006dfdce23c2f9434e48809d62772acff169c3549
-
SHA512
ccbac2fe07f5490226cbd05314af4c93557aca8fd2ea943a1f75cdd6fa94aff94533ab0ef2ad00ca1be9cc4623e4b8025fe56fadf348d8bf8fe2a312b3e34ea6
-
SSDEEP
24576:FlfKjRXMDFHC/bemHc+X2eiE3WwDFecqDR9:F9+RUHCjem8+GeCwDFecqDR9
Score10/10-
BumbleBee
BumbleBee is a webshell malware written in C++.
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-