General
- Target: test.dll
- Size: 1.4MB
- Sample: 221114-lv78labg3t
- MD5: 064cd8a6423bbbf29c3dcfd9776ad824
- SHA1: 37725d7a9013c7d8febcc23e1da27131491cc033
- SHA256: 49d75cf572dab6bd113256b22298d0ca908d5324d6f7906395ffaa596b4b4ed4
- SHA512: 073be275fa19811e2d62bcce332176be30053dfac6dafc9008668f0220261891f34298f966379af17158e9df26b12bfdb3ab0de9f6fc2019ff649b77d75e12c3
- SSDEEP: 24576:/nFeaeHGgwm2TYJMPS1uXmP80EOYArV7SHvtDTbFJD1c+55D+R6Mm955wo:/nFea9q2TYJMq12rOYArV7SHn11c40
Static task
static1
Malware Config
Extracted
bumblebee
9rr
Targets
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.