Extracted

• • Target

    2510c_cr91.exe

  • Size

    2.7MB

  • MD5

    20bd75258104890098ee94b466723f93

  • SHA1

    b4e70128b9aef480732f2bd0926e5274e460cb54

  • SHA256

    f9e77626767296ac5e6fc6510d74d6417c290146e216c194643b586b0437ab3f

  • SHA512

    964126f4ccb2410a98c5c1026aeac3f795906942112585a5c8f36970db5c9034132913794bc3ef846c08c6884ac9b171ec58689b43f8005d36c2f72f59edb1f8

  • SSDEEP

    49152:N35sE1ooe/bEhL9ni0V39wArTXkngnUQGB5BAc0B4VwS:Np1ooKQpfKOkAGNAVhS

  Score

  10^/10

  bumblebee2510evasiontrojan

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee

  • Enumerates VirtualBox registry keys

    evasion

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtCreateThreadExHideFromDebugger

  behavioral1behavioral2