BUBBLEWRAP is a full-featured, second-stage backdoor used by the admin@338 group. It is set to run when the system boots and includes functionality to check, upload, and register plug-ins that can further enhance its capabilities. 
BUBBLEWRAP can communicate using HTTP or HTTPS.
BUBBLEWRAP can communicate using SOCKS.
BUBBLEWRAP collects system information, including the operating system version and hostname.