General
-
Target
JsUDviXDiDBFhx.dll
-
Size
1.8MB
-
Sample
220830-2npqnscgfr
-
MD5
bce81d0fe5a5f2ec833b1890fa8a1cc5
-
SHA1
6c1e9bea7c9e7057ef40946abb97a3e60026a61c
-
SHA256
d70e30304c53b7b9f9f5d4409f0ac9b6713709d45fdc1f1bf65fe9f1ad539d1d
-
SHA512
de6ca51763ae07548208da7931f992d26ab357141d6a1b1d54f54f66f83a7317756f6a6ae8c0a47e9d379c15eb4eecf8596c12c70cd9e8c7f888b0d16d1a46c0
-
SSDEEP
24576:0N874KCVg2wUnXrUupzjXxbXQvHYOsmzOTp+U7pXXUL7SmI5y0fvFj1kqRIN3Qtt:0N87jcHwgXr5tToHYOsmSTx7pXkOy
Malware Config
Extracted
bumblebee
2608
106.105.40.37:281
224.63.194.81:125
122.61.32.33:499
195.167.135.231:104
253.87.116.144:132
115.118.214.197:398
208.46.210.160:259
151.45.81.241:319
231.115.169.144:479
211.3.163.223:438
205.185.116.99:443
72.129.220.46:326
58.237.169.212:157
116.14.243.168:325
172.115.124.76:463
197.182.124.10:479
59.253.233.208:344
37.224.208.59:206
186.92.108.120:154
198.98.52.246:443
Targets
-
-
Target
JsUDviXDiDBFhx.dll
-
Size
1.8MB
-
MD5
bce81d0fe5a5f2ec833b1890fa8a1cc5
-
SHA1
6c1e9bea7c9e7057ef40946abb97a3e60026a61c
-
SHA256
d70e30304c53b7b9f9f5d4409f0ac9b6713709d45fdc1f1bf65fe9f1ad539d1d
-
SHA512
de6ca51763ae07548208da7931f992d26ab357141d6a1b1d54f54f66f83a7317756f6a6ae8c0a47e9d379c15eb4eecf8596c12c70cd9e8c7f888b0d16d1a46c0
-
SSDEEP
24576:0N874KCVg2wUnXrUupzjXxbXQvHYOsmzOTp+U7pXXUL7SmI5y0fvFj1kqRIN3Qtt:0N87jcHwgXr5tToHYOsmSTx7pXkOy
Score10/10-
BumbleBee
BumbleBee is a webshell malware written in C++.
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-