Extracted

Extracted

• • Target

    connect.bat

  • Size

    1KB

  • MD5

    f6dfe4999a57ada167f090d6dc982837

  • SHA1

    e0577a468c99c77989a4c8f3da3a8e7c3a3860c6

  • SHA256

    81000ce700ba04ce8395d0e909d639a88b27e826fef40bfc173fab686a0bc362

  • SHA512

    11f7c3f6135c20e8c37ee289ee21009820775921b6e37f219e0c178ff0522168887c48683d88bd1e48b8bd30514a5e52ebd603b40f96d90a42046dfaeb4f3e16

  Score

  10^/10

  bumblebee1909evasiontrojan

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee

  • Enumerates VirtualBox registry keys

    evasion

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Suspicious use of NtCreateThreadExHideFromDebugger

  behavioral1behavioral2