Extracted

• • Target

    2510c_cr29.exe

  • Size

    2.7MB

  • MD5

    7e869bf508f17734a0d41373f4d84bc2

  • SHA1

    34886f40b8d6dc97c8892ce2fc2afc367d283439

  • SHA256

    e78686c842f5497fa096978d9c4e7b4bff76cb4f34bba2a9d4fb64d06e554a2f

  • SHA512

    36cd829cc13919c23fcc6f0d361ca443d65c003b3d77cbe0771d81415bc6660f1a69b18fe4beb3d79754051528d157b7b0ecc209918382514ec9cfd454d50dae

  • SSDEEP

    49152:/lP4yUfaW/LjawSoLABLbudAHfMOU++kH/:9WfamLXCbuikOU+d/

  Score

  10^/10

  bumblebee2510evasiontrojan

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee

  • Enumerates VirtualBox registry keys

    evasion

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtCreateThreadExHideFromDebugger

  behavioral1behavioral2