Extracted

• • Target

    4a49e2f06ba48d3a88fdeb83fb8021f3d165535e8ea5319b16a7ebe4da9c0751

  • Size

    2.7MB

  • MD5

    c9e37a67f7e3dd3826c23ee04a62ec7b

  • SHA1

    aa157fabb858a9e7ae0d138246545f776934cba7

  • SHA256

    4a49e2f06ba48d3a88fdeb83fb8021f3d165535e8ea5319b16a7ebe4da9c0751

  • SHA512

    5a5912c002f7d06a39bd0f9eba82da32cd7e621e814f1060095d5d56d2a0092ee398499a6a75cb28da773f63b1320f66089ed881a59fb36e8b589deb384e92ea

  • SSDEEP

    49152:+jThLI9aW/+9xRAfRJiN9KtmkP8vfuGia3F2JgN8kupvjgi3M8pp/:+XdO+9x4JiN9umkP8vfuGia3F2JgN8kG

  Score

  10^/10

  bumblebeeall0604evasionloader

  • BumbleBee

    BumbleBee is a loader malware written in C++.

    loaderbumblebee

  • Enumerates VirtualBox registry keys

    evasion

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Blocklisted process makes network request

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  behavioral1behavioral2