General
-
Target
d6280fd8cb64224c747ac376c7f2db0b88a5d366dff2dc28a0b2fb14d1bfa538
-
Size
1.4MB
-
Sample
220830-x7cg8sggb2
-
MD5
66e165bc3ba1eee99b68b740a77e250b
-
SHA1
29d7526882c9a2cecc218cfc557693d981dcb594
-
SHA256
d6280fd8cb64224c747ac376c7f2db0b88a5d366dff2dc28a0b2fb14d1bfa538
-
SHA512
f3ff41d11eef87c31e42fb8c5b3a1195dd10f472cb7ac455a58a84699e1a14426a3d8639708c56b5916d0ef04e2ef13008b65835259737656cae4e8735bfb360
-
SSDEEP
24576:cBIspDFt51KBpJHgFoQfiBkgjuuYMfTkUq0uPnUgtpij/3YnV:EpDX51KBpRRBdjiqT1EnTij
Malware Config
Extracted
bumblebee
2908
64.44.98.213:443
100.113.3.207:189
248.191.121.15:332
169.102.141.78:250
161.202.4.242:333
112.151.217.255:451
185.17.40.189:443
10.41.59.121:290
229.229.228.155:345
147.254.231.107:449
105.222.222.48:403
87.37.138.133:474
67.120.105.118:346
159.140.31.255:474
88.205.174.117:143
163.164.171.23:319
111.231.132.164:372
212.58.118.174:298
138.20.6.192:225
156.130.113.183:393
Targets
-
-
Target
d6280fd8cb64224c747ac376c7f2db0b88a5d366dff2dc28a0b2fb14d1bfa538
-
Size
1.4MB
-
MD5
66e165bc3ba1eee99b68b740a77e250b
-
SHA1
29d7526882c9a2cecc218cfc557693d981dcb594
-
SHA256
d6280fd8cb64224c747ac376c7f2db0b88a5d366dff2dc28a0b2fb14d1bfa538
-
SHA512
f3ff41d11eef87c31e42fb8c5b3a1195dd10f472cb7ac455a58a84699e1a14426a3d8639708c56b5916d0ef04e2ef13008b65835259737656cae4e8735bfb360
-
SSDEEP
24576:cBIspDFt51KBpJHgFoQfiBkgjuuYMfTkUq0uPnUgtpij/3YnV:EpDX51KBpRRBdjiqT1EnTij
Score10/10-
BumbleBee
BumbleBee is a webshell malware written in C++.
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-