MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1930bd3a3a2f286f2d8a2920609e145d1fffc2bddebaf1b526a96527a92cf73a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: BumbleBee
Vendor detections: 7

SHA256 hash: 1930bd3a3a2f286f2d8a2920609e145d1fffc2bddebaf1b526a96527a92cf73a
SHA3-384 hash: f8a7db96c4901c01f417f01a63735e151c09dfaa5c41e2bc5af647ca7b7144520ceaf8ca02f5412e652255ff62b5b841
SHA1 hash: 9d46f86dc63da12521919c54a991c031708fef85
MD5 hash: bf6ef3563da6b2719678600d44e00526
humanhash: yankee-bluebird-salami-maryland
File name: plant3.dll
Download: download sample
Signature: BumbleBee
File size: 3'064'832 bytes
First seen: 2022-04-20 16:35:00 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 5034976d9d8c12b5605d53a26e90ea3c (1 x BumbleBee)
ssdeep: 49152:DkZ0/MSDKocziLDoNkPQ0I7ZF4tkRVCcWp2dj8sRFtYoN3tXxU5DhtNuVwPBRG+4:00/MSDKocziLDoNkPQ0I7ZF4tkRVcp8d
Threatray: 2'064 similar samples on MalwareBazaar
TLSH: T1BFE5E1E433857A61EAC98B12F148BDE4970130B7F5BB28EC47A71F8619677D8CF24921
TrID: 45.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
      18.3% (.EXE) OS/2 Executable (generic) (2029/13)
      18.0% (.EXE) Generic Win/DOS Executable (2002/3)
      18.0% (.EXE) DOS Executable Generic (2000/1)
Reporter: k3dg3___
Tags: BUMBLEBEE dll exe



Intelligence


File Origin
# of uploads: 1
# of downloads: 819
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour:
Sending a custom TCP request

Result
Verdict: SUSPICIOUS
Details:
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 80 / 100
Behaviour:
Behavior Graph: n/a

Threat name: Win64.Trojan.Khalesi
Status: Malicious
First seen: 2022-04-20 16:35:28 UTC
File Type: PE+ (Dll)
AV detection: 6 of 25 (24.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 9/10
Tags: evasion
Behaviour:
Suspicious behavior: EnumeratesProcesses
Checks BIOS information in registry
Identifies Wine through registry keys
Enumerates VirtualBox registry keys
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Looks for VirtualBox Guest Additions in registry
Unpacked files
SHA256 hash: 1930bd3a3a2f286f2d8a2920609e145d1fffc2bddebaf1b526a96527a92cf73a
MD5 hash: bf6ef3563da6b2719678600d44e00526
SHA1 hash: 9d46f86dc63da12521919c54a991c031708fef85
Malware family: BumbleBee
Verdict: Malicious

Please note that we are no longer able to provide a coverage score for Virus Total.
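The last sandbox result above names several registry-based VM and Wine checks (BIOS values, the VirtualBox ACPI table key, Guest Additions, the Wine hive) but does not show what those checks look like in an API trace or how a triage script maps them back to such labels. The following Python is an added example, written for this page and not code from MalwareBazaar, from any of the listed vendors, or from the sample itself. It classifies a constructed sandbox trace (assumed line format `api|key|value`, constructed inline, not from the page) into the same behaviour labels using the registry paths commonly documented for VirtualBox and Wine detection; those paths, the trace format and the two-family threshold for the verdict are assumptions, not facts taken from this entry.

```python
"""Map registry calls in a sandbox API trace to anti-VM behaviour labels.
Added example for this MalwareBazaar entry; not vendor or sample code."""
import re
from typing import Dict, List, Tuple

# Constructed trace (not from the page): one call per line, "api|key|value",
# value empty for plain key opens. The paths are the commonly documented
# VirtualBox / Wine artifacts; the page names behaviours, not keys.
SAMPLE_TRACE = """\
RegOpenKeyExW|HKLM\\HARDWARE\\DESCRIPTION\\System|
RegQueryValueExW|HKLM\\HARDWARE\\DESCRIPTION\\System|SystemBiosVersion
RegQueryValueExW|HKLM\\HARDWARE\\DESCRIPTION\\System|VideoBiosVersion
RegOpenKeyExW|HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__|
RegOpenKeyExW|HKLM\\SYSTEM\\ControlSet001\\Services\\VBoxGuest|
RegOpenKeyExW|HKLM\\SOFTWARE\\Oracle\\VirtualBox Guest Additions|
RegOpenKeyExW|HKCU\\Software\\Wine|
RegOpenKeyExW|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run|
"""

# (label, regex over the lower-cased "key|value" string). Specific rules
# come first; the generic VirtualBox rule is a catch-all at the end.
RULES: List[Tuple[str, "re.Pattern[str]"]] = [
    ("Checks BIOS information in registry",
     re.compile(r"hardware\\description\\system\|"
                r"(systembiosversion|videobiosversion|systembiosdate)$")),
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     re.compile(r"hardware\\acpi\\(dsdt|fadt|rsdt|ssdt)\\vbox__")),
    ("Looks for VirtualBox Guest Additions in registry",
     re.compile(r"software\\oracle\\virtualbox guest additions")),
    ("Identifies Wine through registry keys",
     re.compile(r"software\\wine(\\|\|)")),
    ("Enumerates VirtualBox registry keys",
     re.compile(r"vbox|virtualbox")),
]


def classify_trace(trace: str) -> Dict[str, List[str]]:
    """Return {behaviour label: [trace lines that triggered it]}.

    Each call is attributed to the first (most specific) matching rule only,
    so a Guest Additions open is not double-counted as generic VBox access.
    """
    hits: Dict[str, List[str]] = {}
    for line in trace.splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue  # malformed or blank line: skip rather than guess
        _api, key, value = parts
        target = f"{key}|{value}".lower()
        for label, pattern in RULES:
            if pattern.search(target):
                hits.setdefault(label, []).append(line)
                break
    return hits


def anti_vm_verdict(hits: Dict[str, List[str]], threshold: int = 2) -> bool:
    """Flag anti-VM when at least `threshold` distinct artifact families were
    probed (assumed threshold; one BIOS read alone is common in benign code)."""
    return len(hits) >= threshold


if __name__ == "__main__":
    found = classify_trace(SAMPLE_TRACE)
    for label, lines in found.items():
        print(f"{label}: {len(lines)} call(s)")
    print("anti-VM verdict:", anti_vm_verdict(found))
```

A real trace from a sandbox would need its own parser in place of the `|` split, and the rule table should be extended per hypervisor (VMware, Hyper-V, QEMU) before being used for hunting; only VirtualBox and Wine are covered here because those are the families the report above lists.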

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BitcoinAddress
Author:Didier Stevens (@DidierStevens)
Description:Contains a valid Bitcoin address

File information


The table below shows additional information about this malware sample such as delivery method and external references.

10262bde152b2cef889982aeaaaf2af3029fa7ea923b8643803249f7a3736601
BumbleBee
Executable exe 1930bd3a3a2f286f2d8a2920609e145d1fffc2bddebaf1b526a96527a92cf73a (this sample)

Dropped by: SHA256 10262bde152b2cef889982aeaaaf2af3029fa7ea923b8643803249f7a3736601
Delivery method: Distributed via e-mail attachment

Comments