General
-
Target
JaffaCakes118_dd2eaf56b19754263073fbf64bc00e236de3053c303ffc63bf0e7821b6ac6d64
-
Size
928KB
-
Sample
241223-3fp7xavngl
-
MD5
8b10a12dc86ecb89f5aeb097db5eca30
-
SHA1
0c82a65ce6338c4c6446f67551866c12e5381912
-
SHA256
dd2eaf56b19754263073fbf64bc00e236de3053c303ffc63bf0e7821b6ac6d64
-
SHA512
a92f91ac66cbb32177e145efb383c2272bc6f3a5fe058df00c0228189487a883922b63dfe033ca821fb56e453c5e5190e7a535e60178a90f327a870e12caf428
-
SSDEEP
24576:E3/7KI6g3dllZddRYzeKpdXui8kNesbJVQb:0GI3FZjRqeKMs7Qb
Static task
static1
Behavioral task
behavioral1
Sample
documents request.lnk
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
documents request.lnk
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
stats.dll
Resource
win7-20240708-en
Malware Config
Extracted
bumblebee
276l
172.93.193.124:443
45.153.241.64:443
45.153.241.19:443
Targets
-
-
Target
documents request.lnk
-
Size
1KB
-
MD5
c792b04c766ab57b49f5cfe33552a0ba
-
SHA1
badce1297ba8768de589ebae02c955fc99dd3fbe
-
SHA256
ccbd285306a104b9c4318202bc4afa15af5d285215922877086be4f928494112
-
SHA512
f9351239f546174314f2ddb2e311a9b8053ca2ab2d59d11541822f2df453ccd8faa477564ef19a5815b72c90f738fdabfc6c03592e9c9f81f18c254e79ff2747
-
Bumblebee family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
-
-
Target
stats.dll
-
Size
1.4MB
-
MD5
c978236aacb56975104135b96301fd79
-
SHA1
bc9e252dbbbb25a7d3895abf7873ad14ee36c268
-
SHA256
b8e8284f3e999db3333a0a8e79132cce4462ccc3c5875b1be7f5e9a2d8e44966
-
SHA512
b6f3a476361b2fe7f262486a0b9167555ec77e5915def548c4b4b01bc93cb0e853b1f64f7177998f4216476e8e5e0cc7151f017252a9f0caef1da3c2baa3871c
-
SSDEEP
24576:OsgeDrXBXQS1d7ns+pHB7e0L3/SQUOyxv0dzf9044vunpt:OsgeF7ZsaJR3/SQUO+0dLcv
-
Bumblebee family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-