General
-
Target
bumblebee_win-dll_78beecc828a622f7cde900a68e5653438b60f9bdaf5d733996c499241c6d7130
-
Size
2.6MB
-
Sample
221012-jbn99scha7
-
MD5
2719b9bc4e8a2f3f033b9ebf75ba05cb
-
SHA1
9bfdeae0f5dd641c5d9b945dc91e64321f21587b
-
SHA256
78beecc828a622f7cde900a68e5653438b60f9bdaf5d733996c499241c6d7130
-
SHA512
e137ed1116e571df3c3beaaf451f026e3d2b7669dd59f1ac2d15c3d6c2669404b6ab2651ce374704f29120ccddba040cce1067ae2ec350b907426b184885f871
-
SSDEEP
49152:7J6uk7ObJRXJ/tcgZOrclKg3uAqI6nwopOwmJQai7SfsEP5YnWPAIO/aGqvxK+nt:7J6uGObJRXJ/ygZOrclKYuAqInRJQaiS
Static task
static1
Behavioral task
behavioral1
Sample
bumblebee_win-dll_78beecc828a622f7cde900a68e5653438b60f9bdaf5d733996c499241c6d7130.dll
Resource
win7-20220901-en
Malware Config
Extracted
bumblebee
2504r
104.168.236.99:443
23.82.141.184:443
172.241.29.169:443
Targets
-
-
Target
bumblebee_win-dll_78beecc828a622f7cde900a68e5653438b60f9bdaf5d733996c499241c6d7130
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-