MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c4e5a51d9446f3fefd6366a1d7a536c873c518e82db3291a17802609c340d21. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BumbleBee


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1c4e5a51d9446f3fefd6366a1d7a536c873c518e82db3291a17802609c340d21
SHA3-384 hash: be66524bacea147e37ab2691fd6e8189c6391c2b8236b8d0ca9edd915e5d041e9ba592e6ed48b3148fa7af4942cf2720
SHA1 hash: 5839ed9516f6d52df1dc1a15b44b393cf21e8b56
MD5 hash: 6f915d61b3de967bf1d14d733307b36e
humanhash: mountain-eleven-north-enemy
File name:documents042115.iso
Download: download sample
Signature BumbleBee
Create hunting rule
File size:3'901'440 bytes
First seen:2022-04-22 13:15:59 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 98304:hZo5q0spyUTJkqVnIY0z7ceiVNhPvpx3:hZwqlp51krrz4vp
TLSH T1D4066BF69CC8A15BFC54ECFDF736C570009BAD09F9DF880789A4162B5884139E79E688
TrID 99.6% (.NULL) null bytes (2048000/1)
0.2% (.ATN) Photoshop Action (5007/6/1)
0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
0.0% (.SMT) Memo File Apollo Database Engine (88/84)
Reporter k3dg3___
Tags:BUMBLEBEE iso

Intelligence

File Origin
# of uploads :
1
# of downloads :
209
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Lnk.Trojan.BazarLoader-9936113-2
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive masquerade rundll32 rundll32.exe
Link:
https://www.filescan.io/uploads/6262ae1b376c1c1a78d62957/reports/5770823d-57da-448a-a0cc-5095888a7de0/overview
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1c4e5a51d9446f3fefd6366a1d7a536c873c518e82db3291a17802609c340d21/
Threat name:
Win32.Trojan.Khalesi
Create hunting rule
Status:
Malicious
First seen:
2022-04-22 13:16:17 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
7 of 42 (16.67%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  9/10
Tags:
evasion
Link:
https://tria.ge/reports/220422-qhs1csccf7/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks BIOS information in registry
Checks computer location settings
Identifies Wine through registry keys
Enumerates VirtualBox registry keys
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Looks for VirtualBox Guest Additions in registry
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1c4e5a51d9446f3fefd6366a1d7a536c873c518e82db3291a17802609c340d21

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BumbleBee

iso 1c4e5a51d9446f3fefd6366a1d7a536c873c518e82db3291a17802609c340d21

(this sample)

BumbleBee

Executable exe c65c51ed60f91a92789c4b056821ef51252baa2a1679a6513ab008acf0464ccb

  
Dropping
SHA256 c65c51ed60f91a92789c4b056821ef51252baa2a1679a6513ab008acf0464ccb
  
Delivery method
Distributed via e-mail link

Comments