MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 111884defe575650260a2eaab6c0fc2a3ebd3fbe4a9bf75bb56944a13f0aa009. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BumbleBee


Vendor detections: 2


Intelligence 2 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 111884defe575650260a2eaab6c0fc2a3ebd3fbe4a9bf75bb56944a13f0aa009
SHA3-384 hash: ba2d6fcf67eacd0693bd2710faa4447a08bba378ce5ffd39c069a3b493fd87d0cb6d2ff8e2888523a94356f7e2470a66
SHA1 hash: e845d373bdbfad8c95c4eed2d56bd43649e1695a
MD5 hash: 9ea85fe222f7132c709650ad58ed455d
humanhash: yankee-arizona-magazine-orange
File name:redacted_company.zip
Download: download sample
Signature BumbleBee
Create hunting rule
File size:807'431 bytes
First seen:2022-11-28 18:18:38 UTC
Last seen:Never
File type: zip
MIME type:application/zip
Note:This file is a password protected archive. The password is: Nov2022
ssdeep 24576:HQ6ZPWnveMUKfw9QaA76ysSs9N3bBtPZf8KSXs:w6ZPvMMDAyvbnPa98
TLSH T1A50533CD332AC69F615CC32D32FB1E16DA33007F48457F45BDA5A24A679323E36A6291
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter k3dg3___
Tags:2811 BUMBLEBEE pw Nov2022 TA580 zip


Avatar
k3dg3
via smash

Intelligence

File Origin
# of uploads :
1
# of downloads :
236
Origin country :
US US
File Archive Information

This file archive contains 3 file(s), sorted by their relevance:

File name:2513512.lnk
File size:979 bytes
SHA256 hash: 4359aa457c9788ca56db263a20e8ad9f65c055cbd84942c8e834f604295402dd
MD5 hash: 0502619a8ec457ec91f82748c2e6d1ec
MIME type:application/octet-stream
Signature BumbleBee
File name:navbar.bat
File size:2'644 bytes
SHA256 hash: 582d1a5ec7ec31a5e6629a8b129eafeabc818f8d667d7f6741d3f3308d2a88c5
MD5 hash: bea43d8763a4952fa48876e6bb86b734
MIME type:text/x-msdos-batch
Signature BumbleBee
File name:taxonomy.dll
File size:1'168'896 bytes
SHA256 hash: 95a37ee707f673e561f3a8dbb27927f7140b8541c12eb805bf47613adc36b584
MD5 hash: f8a6948b927d6a0408679fc623994571
MIME type:application/x-dosexec
Signature BumbleBee
Vendor Threat Intelligence
Gathering data
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/111884defe575650260a2eaab6c0fc2a3ebd3fbe4a9bf75bb56944a13f0aa009
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/111884defe575650260a2eaab6c0fc2a3ebd3fbe4a9bf75bb56944a13f0aa009/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cemijxx6k5lfajqkf2vlnqh4fi7l2p56jkn7ow5vnfckcpykuaeq._file
Gathering data
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/111884defe575650260a2eaab6c0fc2a3ebd3fbe4a9bf75bb56944a13f0aa009

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Execution_in_LNK
Create hunting rule
Author:@bartblaze
Description:Identifies execution artefacts in shortcut (LNK) files.
Rule name:EXE_in_LNK
Create hunting rule
Author:@bartblaze
Description:Identifies executable artefacts in shortcut (LNK) files.
Rule name:LNK_sospechosos
Create hunting rule
Author:Germán Fernández
Description:Detecta archivos .lnk sospechosos
Rule name:PassProtected_ZIP_ISO_file
Create hunting rule
Author:_jc
Description:Detects container formats commonly smuggled through password-protected zips
Rule name:Script_in_LNK
Create hunting rule
Author:@bartblaze
Description:Identifies scripting artefacts in shortcut (LNK) files.
Rule name:SUSP_LNK_CMD
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detects the reference to cmd.exe inside an lnk file, which is suspicious

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BumbleBee

zip 111884defe575650260a2eaab6c0fc2a3ebd3fbe4a9bf75bb56944a13f0aa009

(this sample)

BumbleBee

Executable exe 95a37ee707f673e561f3a8dbb27927f7140b8541c12eb805bf47613adc36b584

  
Link
https://tria.ge/221128-wpcjvaec79/behavioral2
  
Dropping
SHA256 95a37ee707f673e561f3a8dbb27927f7140b8541c12eb805bf47613adc36b584
  
Delivery method
Distributed via e-mail link

Comments