General
Target: 8212767132.zip
Size: 177KB
Sample: 221024-lz5y2afha2
MD5: 05000ae2e2d604cd7f0d953e5a39be04
SHA1: d7dd17dc14fbf6a33f604c6ebaf71e6499a1dff1
SHA256: 7b16d288c77688f617ac39cda69d397f7fe6e87172514f76d3ac1e2623dc41bd
SHA512: f9fb2d3d086e4d9a5f362aa07bda9be10e3cdb8f36b38c9e64a5d27e8f2c582d82dc4f990e240b71d0610d0964228489151c87d5132f642e268850ede373139b
SSDEEP: 3072:H9Rot88R4UXB+OPJMuBGYhdMCzM+b5honjC9O04JsBrKGtpr9azncF1:HG88WW5PlYxCgYajsMstTDr9azE
Behavioral task
behavioral1
Sample: a1ec21eda64e0a6edc5f16978c6b752c66f4338a9d750fa246c7344a8c76ad90.xlsb
Resource: win7-20220812-en

Malware Config
Extracted
Family: bumblebee
Botnet: 2010m
C2: 23.106.160.112:443
C2: 146.59.116.146:443
C2: 172.93.193.220:443
Targets
Target: a1ec21eda64e0a6edc5f16978c6b752c66f4338a9d750fa246c7344a8c76ad90
Size: 208KB
MD5: b8c86fdc6fc2479498b92d474021d8c5
SHA1: 8256aed96aa28b8d80956d5022bf5ada15218927
SHA256: a1ec21eda64e0a6edc5f16978c6b752c66f4338a9d750fa246c7344a8c76ad90
SHA512: 2e4f21d5675bf7ee2b1edc3af51afff3d48ba2288f863e5c5ab3412494495eeafbb4c8e5fa53688c784fdd9ae110d445158b56dc831f9128012dd99f9b5e1f8f
SSDEEP: 6144:CehHpGTRt0hgI/qm1Uz/SyQI9dTbmeo70uWoeJJggmA8:CehHYRt0Wax1ASrWfJaZA8
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger