General
- Target: 2510c_cr69.exe
- Size: 2.7MB
- Sample: 221027-sern8scec3
- MD5: bf5889c772dd1377789fb54da0c6d08c
- SHA1: ffb4b43e63cdc19f6bd7904a8bccd16038780b23
- SHA256: aea6933430252325e7bec04d778064ff973a4db0d7dd237622efca5ad1f7db20
- SHA512: e34e4019694390c69084b05cea1707f730808a09521284ac7fe082e48eff9a0401fdb884f770dee3053a24247baca4a2c409f4be2d80da06dec9269d68053caa
- SSDEEP: 49152:ltOeGMX6zeiTFzMg1I24bcsgWeJnuNQXh:lrGk6CidgzLeJnuNQX
Static task: static1
Behavioral task: behavioral1
- Sample: 2510c_cr69.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- bumblebee
- 2510
- 69.46.15.158:443
- 135.125.241.35:443
- 172.86.120.141:443
Targets
- Target: 2510c_cr69.exe
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtCreateThreadExHideFromDebugger