General
-
Target
JaffaCakes118_c60c8153f45af6012d9f85074886fcf627e34e0c92db133207934fd3eadd2770
-
Size
1002KB
-
Sample
241228-3ggxxsvqgn
-
MD5
3ec7675ef47f3cb55ba121697514c0cb
-
SHA1
0fb433453422f3e572901ea47613d1faad1c9122
-
SHA256
c60c8153f45af6012d9f85074886fcf627e34e0c92db133207934fd3eadd2770
-
SHA512
f42b9063459e86847f87f07bfcd8fb3bcd4466fc0ea0b4cc229b79d79c876d599f0d795ae3c3db68f37c62a38768517416538080dccafdf3ab10ca09ca760e9f
-
SSDEEP
24576:Q95tssxDNgLf3Rb9C0kfOhjS4K7XEo20E9HuNZp6eyJLXQUGy2IgUp46G:Q9zxDNef3RxpjeJ20E9ON2eoLX9Gy2e6
Static task
static1
Behavioral task
behavioral1
Sample
PRD.lnk
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
PRD.lnk
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
sec.dll
Resource
win7-20240903-en
Malware Config
Extracted
bumblebee
286a
185.62.58.175:443
209.141.58.141:443
103.175.16.116:443
146.70.106.52:443
108.62.118.145:443
154.56.0.112:443
172.93.193.187:443
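The extracted config above is the actionable part of this report: seven C2 endpoints on TCP/443 plus the SHA256 hashes of the three artefacts. The script below is an added example (not part of the sandbox report or the Bumblebee sample) showing how to turn those indicators into detection logic run over log lines. It parses the host:port block exactly as printed above, then scans constructed firewall and EDR log lines (the key=value format, the `dst=` and `sha256=` field names and the host names are assumptions) and reports exact C2 hits, C2 IPs seen on an unexpected port, and known-hash sightings.

```python
"""Match the C2 endpoints and file hashes of a sandbox report against log lines."""
import re
from typing import Iterable

# C2 block copied verbatim from the "Malware Config" section of the report (botnet id 286a).
REPORT_C2_BLOCK = """
185.62.58.175:443
209.141.58.141:443
103.175.16.116:443
146.70.106.52:443
108.62.118.145:443
154.56.0.112:443
172.93.193.187:443
"""

# SHA256 values from the report, keyed to the artefact they belong to.
REPORT_SHA256 = {
    "c60c8153f45af6012d9f85074886fcf627e34e0c92db133207934fd3eadd2770": "top-level sample",
    "dfc5072b4874706e6ebe8c47140dedc6051f8dda92351bdea8996154e6a96ed2": "PRD.lnk",
    "95a6114c8b9879ebc9a0142fcd46d41dd428380a27d5b396a232f42e4a505fb2": "sec.dll",
}

_HOSTPORT_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s*$")


def parse_c2_block(text: str) -> set:
    """Turn the host:port lines of an extracted config into a set of (ip, port) tuples."""
    endpoints = set()
    for line in text.splitlines():
        m = _HOSTPORT_RE.match(line)
        if m:
            endpoints.add((m.group(1), int(m.group(2))))
    return endpoints


C2_ENDPOINTS = parse_c2_block(REPORT_C2_BLOCK)
C2_IPS = {ip for ip, _ in C2_ENDPOINTS}

# Assumed log layout: generic key=value lines with dst=ip:port and sha256=<hex>.
_DST_RE = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")
_SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")


def match_line(line: str) -> list:
    """Return the indicator hits for one log line (empty list if none)."""
    hits = []
    for ip, port in _DST_RE.findall(line):
        if (ip, int(port)) in C2_ENDPOINTS:
            hits.append(f"c2:{ip}:{port}")
        elif ip in C2_IPS:
            # Same infrastructure on another port is still worth a look.
            hits.append(f"c2-ip:{ip}:{port}")
    for h in _SHA256_RE.findall(line):
        name = REPORT_SHA256.get(h.lower())  # hashes may be logged in upper case
        if name:
            hits.append(f"hash:{name}")
    return hits


def scan(lines: Iterable[str]) -> list:
    """Scan log lines; return (line_number, line, hits) for every line with a hit."""
    results = []
    for n, line in enumerate(lines, 1):
        hits = match_line(line)
        if hits:
            results.append((n, line, hits))
    return results


# Constructed log lines for demonstration; not taken from any real environment.
SAMPLE_LOGS = [
    "2024-12-28T15:02:11Z fw src=10.0.0.14:51234 dst=185.62.58.175:443 proto=tcp action=allow",
    "2024-12-28T15:02:12Z fw src=10.0.0.14:51235 dst=185.62.58.175:80 proto=tcp action=allow",
    "2024-12-28T15:03:40Z edr host=WS-014 event=FileCreate path=C:\\Users\\a\\Downloads\\PRD.lnk "
    "sha256=dfc5072b4874706e6ebe8c47140dedc6051f8dda92351bdea8996154e6a96ed2",
    "2024-12-28T15:03:41Z edr host=WS-014 event=ImageLoad path=C:\\Users\\a\\AppData\\Local\\Temp\\sec.dll "
    "sha256=95A6114C8B9879EBC9A0142FCD46D41DD428380A27D5B396A232F42E4A505FB2",
    "2024-12-28T15:04:00Z fw src=10.0.0.14:51240 dst=198.51.100.7:443 proto=tcp action=allow",
]

if __name__ == "__main__":
    for n, line, hits in scan(SAMPLE_LOGS):
        print(f"line {n}: {', '.join(hits)}")
```

Matching on the full (ip, port) pair avoids noise from shared hosting, while the separate `c2-ip` label keeps a C2 address seen on another port visible rather than silently dropped.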
Targets
-
Target
PRD.lnk
-
Size
1KB
-
MD5
ba087f3dc565e4c1dc54c5e2f581f4a1
-
SHA1
90940bfa9973a4d455e25d09c2c0f1c4d2ffb06e
-
SHA256
dfc5072b4874706e6ebe8c47140dedc6051f8dda92351bdea8996154e6a96ed2
-
SHA512
c3f22c3d24d08b4fe96e097bbb192f1c47afc3933b49d20da98d33edd0fb8c6c7615a102a4f75d6f1ef50c0c85ab574e9b41be9adf780ee27b6667b3e64d648c
-
Bumblebee family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS vendor and version strings stored in the registry often name the hypervisor, so they are read to detect virtual machines and sandboxes.
-
Checks computer location settings
Reads the country/region code configured in the registry, likely to geofence execution (refuse to run in certain locales).
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which is sometimes used as a sandboxing environment.
-
Target
sec.dll
-
Size
1.7MB
-
MD5
a30bf883c38b54c3b22a2f8ccfb1bd8a
-
SHA1
9a5ec009753040c5214b864d9d271901eb4542ac
-
SHA256
95a6114c8b9879ebc9a0142fcd46d41dd428380a27d5b396a232f42e4a505fb2
-
SHA512
64d3f30c8564e4eedecd7f3f8c3b1eafaa3d781fb5bef39825ea1b8fdd1f39c38ac477f08a7a147fcb2f404c32ded7ae841b5bb443070945e1aa60668838ed58
-
SSDEEP
49152:Vf0KjZAxHascQO0L+CyceKgNdjBqYa4xvmuH6BrxUsV:VsWSNWH06CycAoTuH6BrxUsV
-
Bumblebee family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS vendor and version strings stored in the registry often name the hypervisor, so they are read to detect virtual machines and sandboxes.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which is sometimes used as a sandboxing environment.
-
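Both PRD.lnk and sec.dll trigger the same set of anti-VM and anti-sandbox signatures (VirtualBox registry keys, ACPI table names, Guest Additions, BIOS strings, Wine, and for the .lnk the country code). The script below is an added example, not part of the report or the sample, that lets an analyst check whether their own lab VM exposes those artefacts. The report names the behaviours but not the registry locations; the keys used here are the well-known ones these detections are assumed to correspond to. Evaluation is a pure function over a snapshot dict so it can be exercised offline; the `winreg` collector only runs on Windows. The hypervisor tag list is generalised beyond VirtualBox (VMware, QEMU) as an extension of the report's VirtualBox-only rule.

```python
"""Check an analysis VM for the registry artefacts the report's anti-VM checks look at."""
import sys

# Assumed registry locations for the behaviours named in the report.
BIOS_KEY = r"HARDWARE\DESCRIPTION\System"                            # HKLM: SystemBiosVersion, VideoBiosVersion
ACPI_KEY = r"HARDWARE\ACPI\DSDT"                                     # HKLM: subkey VBOX__ on VirtualBox
GUEST_ADDITIONS_KEY = r"SOFTWARE\Oracle\VirtualBox Guest Additions"  # HKLM
WINE_KEY = r"Software\Wine"                                          # HKCU: only present under Wine
GEO_KEY = r"Control Panel\International\Geo"                         # HKCU: value Nation (GeoID)

# VirtualBox is what the report detects; the other tags are a generalisation.
HYPERVISOR_TAGS = ("VBOX", "VIRTUALBOX", "VMWARE", "QEMU")


def evaluate(snapshot: dict) -> dict:
    """Apply the report's checks to a snapshot dict.

    snapshot keys: 'bios' (list of str), 'acpi_tables' (list of subkey names),
    'guest_additions' (bool), 'wine' (bool), 'nation' (str or None).
    Returns {'vm_indicators': [...], 'geo_nation': value}.
    """
    indicators = []
    bios = " ".join(snapshot.get("bios", [])).upper()
    if any(tag in bios for tag in HYPERVISOR_TAGS):
        indicators.append(f"BIOS strings name a hypervisor: {bios.strip()}")
    if any(t.upper().startswith("VBOX") for t in snapshot.get("acpi_tables", [])):
        indicators.append("ACPI DSDT table VBOX__ present (VirtualBox)")
    if snapshot.get("guest_additions"):
        indicators.append("VirtualBox Guest Additions key present")
    if snapshot.get("wine"):
        indicators.append("HKCU\\Software\\Wine present (running under Wine)")
    # The country code is not a VM indicator; it is what a geofence would read.
    return {"vm_indicators": indicators, "geo_nation": snapshot.get("nation")}


def collect_windows() -> dict:
    """Build a snapshot from the live registry (Windows only)."""
    import winreg

    def read_value(root, path, name):
        try:
            with winreg.OpenKey(root, path) as k:
                return winreg.QueryValueEx(k, name)[0]
        except OSError:
            return None

    def key_exists(root, path):
        try:
            with winreg.OpenKey(root, path):
                return True
        except OSError:
            return False

    snap = {"bios": [], "acpi_tables": [], "guest_additions": False, "wine": False, "nation": None}
    for name in ("SystemBiosVersion", "VideoBiosVersion"):
        v = read_value(winreg.HKEY_LOCAL_MACHINE, BIOS_KEY, name)  # REG_MULTI_SZ -> list
        if isinstance(v, list):
            snap["bios"].extend(v)
        elif isinstance(v, str):
            snap["bios"].append(v)
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, ACPI_KEY) as k:
            i = 0
            while True:  # EnumKey raises OSError when the index runs out
                snap["acpi_tables"].append(winreg.EnumKey(k, i))
                i += 1
    except OSError:
        pass
    snap["guest_additions"] = key_exists(winreg.HKEY_LOCAL_MACHINE, GUEST_ADDITIONS_KEY)
    snap["wine"] = key_exists(winreg.HKEY_CURRENT_USER, WINE_KEY)
    nation = read_value(winreg.HKEY_CURRENT_USER, GEO_KEY, "Nation")
    snap["nation"] = None if nation is None else str(nation)
    return snap


# Constructed snapshot of a stock VirtualBox guest with Guest Additions installed.
SAMPLE_VBOX_SNAPSHOT = {
    "bios": ["VBOX   - 1"],
    "acpi_tables": ["VBOX__"],
    "guest_additions": True,
    "wine": False,
    "nation": "244",  # GeoID 244 = United States
}

if __name__ == "__main__":
    snap = collect_windows() if sys.platform == "win32" else SAMPLE_VBOX_SNAPSHOT
    result = evaluate(snap)
    for line in result["vm_indicators"] or ["no VM indicators found"]:
        print(line)
    print("Geo\\Nation:", result["geo_nation"])
```

A lab VM that lights up three of these checks will be refused by the sample before it ever contacts the C2 list; renaming the ACPI tables, removing Guest Additions and patching the BIOS strings are the usual fixes, and the Nation value is worth varying when a geofence is suspected.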