General
-
Target
HKpiLfqChJKPLc.dll
-
Size
1.2MB
-
Sample
220901-yme83aacgn
-
MD5
a2a55bdae16915aea3bc1933b04eb5e1
-
SHA1
83e2082f4b30e6475fdf0eeb435f7ef8500363a4
-
SHA256
6b3a8f1b3ee2f33912815aa18ed89184ffcc0ddf8619b7551aba216e20e1fe88
-
SHA512
46269e04b69f1e8fa6346905becfc3e3cfd08a4ec781b11ef4d16b7c4d70fba5186245986b31f68f57866f755c133c248d057e9ea5ccbbb83175e6905401a9f8
-
SSDEEP
24576:v2g6iSk124v3QMwo04WbKpHd/bq2Nf6lRcN5AWwem6EU0MmJO85:ug6iH13l04yK7/bERcLwBLKU
Malware Config
Extracted
bumblebee
0109
238.135.187.178:122
139.250.85.120:389
48.125.193.25:152
114.213.187.231:380
111.253.120.98:250
226.62.116.55:344
167.157.111.216:424
172.237.68.92:206
16.58.16.45:200
250.119.214.35:204
3.103.169.104:449
241.138.197.72:484
217.78.123.134:168
111.153.255.170:258
44.157.167.56:261
88.38.249.218:141
124.110.55.236:298
248.92.195.241:424
244.202.83.43:409
106.233.170.108:279
Targets
-
-
Target
HKpiLfqChJKPLc.dll
-
Size
1.2MB
-
MD5
a2a55bdae16915aea3bc1933b04eb5e1
-
SHA1
83e2082f4b30e6475fdf0eeb435f7ef8500363a4
-
SHA256
6b3a8f1b3ee2f33912815aa18ed89184ffcc0ddf8619b7551aba216e20e1fe88
-
SHA512
46269e04b69f1e8fa6346905becfc3e3cfd08a4ec781b11ef4d16b7c4d70fba5186245986b31f68f57866f755c133c248d057e9ea5ccbbb83175e6905401a9f8
-
SSDEEP
24576:v2g6iSk124v3QMwo04WbKpHd/bq2Nf6lRcN5AWwem6EU0MmJO85:ug6iH13l04yK7/bERcLwBLKU
Score10/10-
BumbleBee
BumbleBee is a webshell malware written in C++.
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-