Extracted

• • Target

    autorun.dll

  • Size

    2.8MB

  • MD5

    8dbc3035b9bb7ba4e7cac241038d239a

  • SHA1

    dd803a0e41bdaa2c2d6ee86bb0dfa288da788bce

  • SHA256

    5be0c2df3f2dbca7bfbe77a8eb96abc472bfc6a566aa26cccd8e9937f446dad3

  • SHA512

    db800f2af108c627fe165c96b42c9efc2bbdd13c67c28aa6c7dd8df79df9ca7e4e4a8cd8587fabdeba7c97c85d7a243191409191035ccfe5683d0ca161f3bf54

  • SSDEEP

    49152:Uahx4O5E8i+IPSliaD9N0Hq5R+jJaRzj4t8MzSRMpENkyk/priDTnJK:fxy8i9snaq5R+jJaRz

  Score

  10^/10

  bumblebeeleg0704evasiontrojan

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee

  • Enumerates VirtualBox registry keys

    evasion

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  behavioral1behavioral2