General

Target: bb.img
Size: 2.7MB
Sample: 220905-jez6yadbcp
MD5: 19b54d91705cce89218ece1e52bdb7ad
SHA1: 905723cb555878c30990b4dde712279a9dd62f25
SHA256: fe2568cea3666dd24343675139ecc41ed6515bb7ef3a8c429d081d77ce4fecb4
SHA512: 9c03491da4b2f2232e3a41532bc5dfca3c311c4661e4ad04a4f0af1cfe0c26f1f7b171190531e4b2362c280cfdd93bdc4ac9dcf290f157edb90be33a37f48adc
SSDEEP: 49152:2ayur8YwnS01ZT37lLtdgnU46t5ABYUwdXgHJS0IHgGRtO2a8:2jQ8YwnS01pt5ABYUwdXgOA0

These hashes identify the submitted .img container as a whole, not any file carried inside it; match them against the delivery artifact, not against the payload dropped on disk.
Static task: static1
Behavioral task: behavioral1
Sample: bb.img
Resource: win7-20220901-en
Malware Config

Extracted
Family: bumblebee
Botnet: 0209
C2 (53 entries; several fall in multicast, reserved or 0.0.0.0/8 space and cannot be live servers, so the list is padded with decoys and should not be pushed wholesale into blocklists):
159.196.99.235:220
46.241.88.151:473
163.42.208.175:408
145.251.206.111:433
132.48.91.216:310
161.93.194.47:182
218.182.82.154:398
145.239.30.219:443
202.2.19.182:100
98.24.210.54:363
235.13.194.195:257
56.105.54.206:125
212.182.37.77:468
206.189.172.134:307
172.87.185.49:402
210.164.71.146:202
95.102.250.247:112
17.218.240.241:314
118.117.38.104:479
254.167.162.25:158
234.39.157.71:454
144.104.103.226:415
163.231.141.208:464
130.207.14.93:178
249.59.61.253:463
224.16.66.190:112
170.49.76.121:314
113.151.84.95:247
75.186.34.149:257
52.224.150.104:154
47.37.83.198:316
56.81.86.67:162
90.241.111.252:229
54.127.151.126:359
155.89.243.195:141
26.124.76.111:210
174.119.246.227:256
64.58.35.79:467
49.46.2.94:360
112.45.212.3:447
248.130.66.251:117
210.167.206.178:140
189.205.35.219:458
32.71.11.182:457
0.157.132.154:327
155.167.85.21:284
15.229.21.243:255
2.17.79.33:455
177.150.0.181:123
104.168.136.137:443
90.238.19.236:392
23.254.204.109:443
48.251.42.114:378
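The first question a responder asks of a list like this is which entries are even reachable. The added example below (not part of the report or of the sandbox's own tooling) classifies each ip:port with Python's ipaddress module, separating multicast (224.0.0.0/4), reserved (240.0.0.0/4) and 0.0.0.0/8 decoys from public candidates, and ranks the public ones. It runs on a constructed subset of the list above; the preference for port 443 is a heuristic assumption about where the family's real servers listen, not something the report states.

```python
import ipaddress
from collections import Counter

# Constructed subset of the C2 list extracted above (botnet ID 0209); the
# functions accept the full 53-entry list unchanged. IPv4 only, as in the report.
SAMPLE_C2 = [
    "159.196.99.235:220",
    "145.239.30.219:443",
    "235.13.194.195:257",
    "254.167.162.25:158",
    "234.39.157.71:454",
    "249.59.61.253:463",
    "224.16.66.190:112",
    "248.130.66.251:117",
    "0.157.132.154:327",
    "104.168.136.137:443",
    "23.254.204.109:443",
    "48.251.42.114:378",
]

THIS_NETWORK = ipaddress.ip_network("0.0.0.0/8")


def classify(endpoint: str) -> str:
    """Return the address class of an 'ip:port' string.

    Order matters: Python's IPv4Address.is_private also covers 0.0.0.0/8 and
    240.0.0.0/4, so the unroutable classes are tested before it.
    """
    host, _, port = endpoint.rpartition(":")
    ip = ipaddress.ip_address(host)
    if not 0 < int(port) < 65536:
        return "bad-port"
    if ip.is_multicast:          # 224.0.0.0/4: no host can listen here
        return "multicast"
    if ip.is_reserved:           # 240.0.0.0/4: unassigned
        return "reserved"
    if ip in THIS_NETWORK:       # 0.0.0.0/8: not routable on the Internet
        return "this-network"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "private"
    return "public"


def summarize(c2_list):
    """Count entries per address class."""
    return Counter(classify(e) for e in c2_list)


def routable_candidates(c2_list):
    """Public endpoints only, 443 first.

    The 443-first ordering is a heuristic assumption (the family's real
    servers are expected to speak TLS on 443 while decoys carry random
    ports); it is a hunting priority, not proof of which servers are live.
    """
    public = [e for e in c2_list if classify(e) == "public"]
    return sorted(public, key=lambda e: e.rsplit(":", 1)[1] != "443")


if __name__ == "__main__":
    for cls, n in sorted(summarize(SAMPLE_C2).items()):
        print(f"{cls:13} {n}")
    print("hunt first:", *routable_candidates(SAMPLE_C2), sep="\n  ")
```

Feed the whole extracted list to summarize() before doing anything else with it: the ratio of public to unroutable entries tells you how much of the configuration is noise, and routable_candidates() gives an order in which to check passive DNS, netflow and proxy logs.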
Targets

Target: bb.img
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  Windows exposes the firmware ACPI tables under HKLM\HARDWARE\ACPI (DSDT, FADT, RSDT); in a VirtualBox guest they sit in a VBOX__ subkey, so opening that key is a cheap virtual-machine check.
- Looks for VirtualBox Guest Additions in registry
  Guest Additions register under HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions and install VBox* services; their presence marks an instrumented guest.
- Checks BIOS information in registry
  BIOS information (HKLM\HARDWARE\DESCRIPTION\System, for example SystemBiosVersion and the BIOS subkey's SystemManufacturer and SystemProductName) is often read in order to detect sandbox and virtual-machine environments, whose firmware strings name the hypervisor.
- Identifies Wine through registry keys
  Wine is a compatibility layer that runs Windows applications on other operating systems and is used by some sandboxes; it populates HKCU\Software\Wine, a key that a real Windows installation does not have.
- Suspicious use of NtCreateThreadExHideFromDebugger
  A thread created through NtCreateThreadEx with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER (0x4) generates no debug events, so a debugger attached to the process never sees what that thread does; this is an anti-debugging technique, and legitimate software has little reason to use it.
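Turning the registry-based signatures above into a detection: the added example below (not part of the report or of the sandbox's own signature logic) scans constructed Procmon-style registry trace lines for the well-known keys that VirtualBox, BIOS and Wine checks read, and flags a process that probes several independent markers. The key paths are the standard ones such checks use; that this sample queried exactly these paths is an assumption, since the report names behaviours rather than keys. The NtCreateThreadEx signature is not covered, as it is an API-level rather than a registry observation.

```python
import re
from collections import defaultdict

# Well-known registry locations probed by sandbox- and VM-detection code,
# grouped to mirror the signatures above. That this sample read exactly these
# paths is an assumption; the report names the behaviours, not the keys.
ANTI_ANALYSIS_KEYS = {
    "virtualbox-acpi": [
        r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__",
    ],
    "virtualbox-guest-additions": [
        r"\\SOFTWARE\\Oracle\\VirtualBox Guest Additions",
    ],
    "virtualbox-services": [
        r"\\Services\\VBox(Guest|Mouse|Service|SF|Video)\b",
    ],
    "bios": [
        r"\\HARDWARE\\DESCRIPTION\\System\\BIOS\\(SystemManufacturer|SystemProductName|BIOSVendor)",
        r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion)",
    ],
    "wine": [
        r"\\Software\\Wine\b",
    ],
}

# Constructed Procmon-style trace: PID, operation, key path, result. Not from
# the report; PID 4120 stands in for the sample, 2288 for an unrelated process.
TRACE = [
    r"4120 RegOpenKey HKLM\HARDWARE\ACPI\DSDT\VBOX__ NAME NOT FOUND",
    r"4120 RegOpenKey HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions NAME NOT FOUND",
    r"4120 RegQueryValue HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer SUCCESS",
    r"4120 RegQueryValue HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion SUCCESS",
    r"4120 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\VBoxGuest NAME NOT FOUND",
    r"4120 RegOpenKey HKCU\Software\Wine NAME NOT FOUND",
    r"2288 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden SUCCESS",
]


def scan(trace_lines):
    """Map each PID to the sorted list of anti-analysis categories it probed."""
    hits = defaultdict(set)
    for line in trace_lines:
        pid = line.split(maxsplit=1)[0]
        for category, patterns in ANTI_ANALYSIS_KEYS.items():
            if any(re.search(p, line, re.IGNORECASE) for p in patterns):
                hits[pid].add(category)
    return {pid: sorted(cats) for pid, cats in hits.items()}


def sandbox_aware(categories, threshold=2):
    """One BIOS read is ordinary software behaviour; several independent
    environment markers probed by the same process is not."""
    return len(categories) >= threshold


if __name__ == "__main__":
    for pid, cats in scan(TRACE).items():
        verdict = "sandbox-aware" if sandbox_aware(cats) else "benign"
        print(pid, verdict, ", ".join(cats))
```

The NAME NOT FOUND results in the constructed trace are the realistic case on bare metal: the tell is the lookup itself, not whether the key exists, which is why the scan keys on the path rather than the result.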