MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 187754f20558b7d67abb233e84ee14a85ea1791983d87d5a4dfe062799ae3d3c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



BumbleBee


Vendor detections: 7



SHA256 hash: 187754f20558b7d67abb233e84ee14a85ea1791983d87d5a4dfe062799ae3d3c
SHA3-384 hash: 1449874469f07b2051405ac64af6766a1a48b86ab98a8cba8f84a3bcacf652305d17dfc78f628e6480c42b788c167b01
SHA1 hash: a3bd016dd1d2f26857594d4d60f36bc73e9ede99
MD5 hash: 2f7cc32eab5132846f2c60cd49b11503
humanhash: william-artist-twenty-one
File name: 3oCGqe4g.UBr
Signature: BumbleBee
File size: 1'450'496 bytes
First seen: 2023-04-20 19:18:36 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7e67bc8966663720e52fe10778f5a917 (1 x BumbleBee)
ssdeep: 24576:o9sBKJRPFHYCRNJYM9WFw7/ekQ6o2LRNtVRIO72f6hPEK3X5Kk:yhzLRQQ
Threatray: 978 similar samples on MalwareBazaar
TLSH: T11765CF24F5A63AB6E761CD33887F9E24CF382197A172A37714216077582D7F1BF06A09
TrID: 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter: 0xToxin
Tags: BUMBLEBEE dll exe mc1904


0xToxin
download from:
https://biznessfarm.buzz/mmm2/35EgZAl0ndLtSyB2PtEHMDZXsGF5DVRqOA~~/YgYONy1gmOyI6qASimiMJAPaZfRGBQVArw~~/

Intelligence


File Origin
# of uploads: 1
# of downloads: 357
Origin country: IL
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 3oCGqe4g.UBr
Verdict: No threats detected
Analysis date: 2023-04-20 19:20:05 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: n/a
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Behavior Graph ID: 851210
Sample: 3oCGqe4g.UBr.exe
Startdate: 20/04/2023
Architecture: WINDOWS
Score: 48
Signature: Multi AV Scanner detection for submitted file
Process tree: loaddll64.exe started cmd.exe, two rundll32.exe processes and 7 other processes; cmd.exe started rundll32.exe; the rundll32.exe processes and the other processes started WerFault.exe.
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Program crash
Unpacked files
SHA256 hash: 187754f20558b7d67abb233e84ee14a85ea1791983d87d5a4dfe062799ae3d3c
MD5 hash: 2f7cc32eab5132846f2c60cd49b11503
SHA1 hash: a3bd016dd1d2f26857594d4d60f36bc73e9ede99
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
