General
-
Target
JaffaCakes118_ff86d5a81bb890b0776095ea7b602bcbae1c61063c4a1c3c891008889649c973
-
Size
861KB
-
Sample
241222-b4jw9axrgz
-
MD5
0e1f818bfc966c79cc43f0e27554898f
-
SHA1
773c5acc7b1d6d7be5e08d5a02dad1cb1e03823f
-
SHA256
ff86d5a81bb890b0776095ea7b602bcbae1c61063c4a1c3c891008889649c973
-
SHA512
8404cd473d247f3605e44acb40ddb7d95d78b48b3cc3e96848d845e065b171cfbdb667ce505feeb04c0cc1bb7be2bf4525369eb34f4f7826986fa847fa7fb780
-
SSDEEP
24576:XV2VfIvxK6x8WZ1nhb4L0/KmxdKYHiMWsZCt8Y2:F2Vog0vZ1hb4LWKmxQMrFZC4
Static task
static1
Behavioral task
behavioral1
Sample
7aa5af5ee7a10b31309807e9f72ef711cbf2864c17d943ded85ca439b6106ea4.dll
Resource
win7-20240903-en
Malware Config
Extracted
bumblebee
306f
209.141.46.50:443
146.19.173.155:443
27.183.95.15:443
54.38.138.94:443
Targets
-
-
Target
7aa5af5ee7a10b31309807e9f72ef711cbf2864c17d943ded85ca439b6106ea4
-
Size
1.4MB
-
MD5
bfae0c9a0e0f0dd88051aaa8eb2faedf
-
SHA1
40fde1f9090fce8ef1c27865ff44d33e47fa9c74
-
SHA256
7aa5af5ee7a10b31309807e9f72ef711cbf2864c17d943ded85ca439b6106ea4
-
SHA512
df846c0ab7cffc8d65edff807c095b785220b1cfd6244940744222c0b5cf05c4be6248cc172165fbe7c00f0b72dbf6be587fb762fdd9779ba022f0639a62f5dc
-
SSDEEP
24576:yF8n2LaxtDT0rYOA+nB64XaTL7AXC6r/rHZwNkirBTCGCo:yF8vT2YD+s4XaTL7U/H2NrRfCo
-
Bumblebee family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-