Extracted

• • Target

    11bce4f2dcdc2c1992fddefb109e3ddad384b5171786a1daaddadc83be25f355.iso

  • Size

    2.5MB

  • MD5

    f4235fde77119ac772a2730d55c49c54

  • SHA1

    a250adaf3d5a5c2cd4d5ad4390e4cecbe00b3dd7

  • SHA256

    11bce4f2dcdc2c1992fddefb109e3ddad384b5171786a1daaddadc83be25f355

  • SHA512

    c65b5bbba88cd96856766b1c9f3cce0d7ccedeb63164e165a50508cd2147b522994edaf271953ef19a41afdd7b92bae1aa45b1e5f7e18885a1e68d8012a55086

  • SSDEEP

    24576:/ndTy8pMlAshQiX5Qtme5hekk+t8cH21dFa8POIuTQO0nvpC2QQLVtIwkvME:VT+69d5hrkgp4OlT90nvpdL7kv

  Score

  10^/10

  bumblebee1905revasiontrojan

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee

  • Enumerates VirtualBox registry keys

    evasion

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  behavioral1behavioral2