MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 127b3506b7da4569cbdf23bb500bb95832e1a8d4fcec5e2ce6ec9e0c973ba36b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



BumbleBee


Vendor detections: 5



SHA256 hash: 127b3506b7da4569cbdf23bb500bb95832e1a8d4fcec5e2ce6ec9e0c973ba36b
SHA3-384 hash: b03d82ace0b59d3851a06474a38801dc11be097eea96d608a655a4f71624b50b56eec47925deae7cbb371ff62b259be3
SHA1 hash: 6983820a0d115bb78290ce9fbd6543623281d3d1
MD5 hash: 016eae588e2e565414259280ba4f6753
humanhash: bulldog-early-sodium-yankee
File name: Required Documents.img
Signature BumbleBee
File size: 2'293'760 bytes
First seen: 2023-02-18 13:48:54 UTC
Last seen: Never
File type: img
MIME type: application/octet-stream
ssdeep 24576:MgqqFfeeOby7LSjsfIMLkC8Jsc0Q+8VC7skZ:+qFVLIsActoC
TLSH T163B5E103B66E077BC0369B3688E706C2EB7072A3E713476B0295912D3D973916E67739
TrID 99.6% (.NULL) null bytes (2048000/1)
0.2% (.ATN) Photoshop Action (5007/6/1)
0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
0.0% (.SMT) Memo File Apollo Database Engine (88/84)
Reporter Anonymous
Tags: BUMBLEBEE img

Intelligence


File Origin
# of uploads: 1
# of downloads: 142
Origin country: US
File Archive Information

This file archive contains 4 file(s), sorted by their relevance:

File name: network.dll
File size: 1'081'344 bytes
SHA256 hash: c181c20d4efe8312d3d6a4de770febe8f48c92e78a4f7dfa7d011bba58ad8b67
MD5 hash: fb98aec6e04559be2d5ff6e1b7dc5260
MIME type: application/x-dosexec
Signature BumbleBee

File name: project requirements.lnk
File size: 991 bytes
SHA256 hash: 58e600927cd3e565e99a80966f1fd036c49d56af5465c969349a50363efd33c8
MD5 hash: 4aa1864203a7fbd8795ef1fcc593e5cd
MIME type: application/octet-stream
Signature BumbleBee

File name: 2
File size: 381 bytes
SHA256 hash: 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
MD5 hash: 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
MIME type: text/xml
Signature BumbleBee

File name: case_studies.bat
File size: 1'666 bytes
SHA256 hash: f8e440d105af724ade3b6f31880535cadd230e844b774e383c3315a8d8512668
MD5 hash: 57db5417a61ba7c6fc51b7e48772dbda
MIME type: text/x-msdos-batch
Signature BumbleBee

Vendor Threat Intelligence

Verdict: No Threat
Threat level: 2/10
Confidence: 100%
Tags: greyware packed
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2023-02-18 13:33:44 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 4 of 39 (10.26%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Bumblebee_mem
Author: James_inthe_box
Description: Bumblebee loader
Reference: 7a2ac6664ef13971ce464676012092befde8f14b0013b2f0f3e21c9051cb45a0

Rule name: INDICATOR_SUSPICIOUS_VM_Evasion_MACAddrComb
Author: ditekSHen
Description: Detects executables referencing virtualization MAC addresses

Rule name: INDICATOR_SUSPICIOUS_VM_Evasion_VirtDrvComb
Author: ditekSHen
Description: Detects executables referencing combination of virtualization drivers

Rule name: ISO_exec
Author: @bartblaze
Description: Identifies execution artefacts in ISO files, seen in malware such as Bumblebee.

Rule name: Windows_Trojan_Bumblebee_35f50bea
Author: Elastic Security

Rule name: Windows_Trojan_Bumblebee_70bed4f3
Author: Elastic Security

Rule name: win_bumblebee

Rule name: win_bumblebee_a0
Author: Slavo Greminger, SWITCH-CERT

Rule name: win_bumblebee_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: Detects win.bumblebee.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BumbleBee

img 127b3506b7da4569cbdf23bb500bb95832e1a8d4fcec5e2ce6ec9e0c973ba36b

(this sample)

  
Dropping
SHA256 f8e440d105af724ade3b6f31880535cadd230e844b774e383c3315a8d8512668
  
Dropping
SHA256 58e600927cd3e565e99a80966f1fd036c49d56af5465c969349a50363efd33c8
  
Delivery method: Distributed via e-mail link
