MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2457a1b0008c7059b5d58fffadad4e71f8332e9c09ac55f34b0a078363c29c87. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BumbleBee


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2457a1b0008c7059b5d58fffadad4e71f8332e9c09ac55f34b0a078363c29c87
SHA3-384 hash: 2436a1ab8165f8eb61e15ecd7a11ff3333d7895d7435ab096dcb3fb7e7d169919691a1fda23383014b36616104c79786
SHA1 hash: 36709e87fa7a99589253b45d842470315a67e2ca
MD5 hash: 9ef13647102e4284c30a7e3d3e2227c0
humanhash: sink-dakota-lion-magazine
File name:oblot.dll
Download: download sample
Signature BumbleBee
Create hunting rule
File size:1'388'544 bytes
First seen:2022-05-09 17:35:11 UTC
Last seen:2022-05-09 18:35:28 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 66356a654249c4824378b1a70e7cc1e5 (4 x BumbleBee)
ssdeep 24576:waBf87gheqqqguvaURKZX7FvqJ3eWrcQmS0FMnRWN3FctRdTaEg7v7mIPb9XJzb:gYaeO
Threatray 2'163 similar samples on MalwareBazaar
TLSH T1A2556CF95F99244C983BE8199497BC7E9B8835135B4EAFD03717E9126376308A82C1CF
TrID 45.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
18.3% (.EXE) OS/2 Executable (generic) (2029/13)
18.0% (.EXE) Generic Win/DOS Executable (2002/3)
18.0% (.EXE) DOS Executable Generic (2000/1)
Reporter Rony
Tags:BUMBLEBEE dll exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
308
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
oblot.dll
Verdict:
No threats detected
Analysis date:
2022-05-09 17:39:28 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/c2b88c7b-74ac-4bfc-ab53-b0a6779d53bc

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.VHO.Backdoor.Win32.IRCNite.gen.896.20180.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/16830/overview
Behaviour
MalwareBazaar
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/627950ddb119a5f609b498ca/reports/628e7e42-f947-4229-beb6-c4d42650e693/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/88679418-aac0-4aa6-a4b1-a6888514a600
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/990415
Signature
Antivirus / Scanner detection for submitted sample
Contain functionality to detect virtual machines
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Searches for specific processes (likely to inject)
System process connects to network (likely due to code injection or exploit)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2457a1b0008c7059b5d58fffadad4e71f8332e9c09ac55f34b0a078363c29c87/
Threat name:
Win64.Trojan.Bumbleloader
Create hunting rule
Status:
Malicious
First seen:
2022-05-09 17:36:08 UTC
File Type:
PE+ (Dll)
Extracted files:
1
AV detection:
13 of 26 (50.00%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0555b34b40f176362f5b9e070253358d8faec831f9675c03adfdb2929d168ee8
BumbleBee
0659390fe57012c9d29bacb0e85b61f7de968a6008f91d9c729e18c784b2cca1
BumbleBee
13aa6bed5b3a656b9c86cc2d397f765779f4a7dff49f73d58bd97e11423e0635
BumbleBee
2421c5815103b12aefee6faecb1ebbe910c6a17c7ed68f0d7bb2064ec4e97291
BumbleBee
26af00a279ce082c2bb1db2cb50d2d590623e3f20e6c260d77ca77bf72b51797
BumbleBee
3a52c4f27db221ed975af3d38ac4b9060203b9c6fb3532cdc61b969e21ca666c
BumbleBee
596b8d2ea9be082c0eea726b7217597fe293eef85069a8dd03a6024b48c7a199
BumbleBee
c65c51ed60f91a92789c4b056821ef51252baa2a1679a6513ab008acf0464ccb
BumbleBee
d19fdf53603310203c8bc83e1d27e14b60cac0a65932fe3824dedca50ff5c0a9
BumbleBee
e8b1a240c6fad4dd2e7bd0b08a0681131f2804d64d58869e60ad333cddc58cb0
BumbleBee
+ 2'153 additional samples on MalwareBazaar
Result
Malware family:
bumblebee
Create hunting rule
Score:
  10/10
Tags:
family:bumblebee evasion trojan
Link:
https://tria.ge/reports/220509-v6j5ksdgg9/
Behaviour
Suspicious behavior: EnumeratesProcesses
Checks BIOS information in registry
Identifies Wine through registry keys
Enumerates VirtualBox registry keys
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Looks for VirtualBox Guest Additions in registry
BumbleBee
Unpacked files
SH256 hash:
2457a1b0008c7059b5d58fffadad4e71f8332e9c09ac55f34b0a078363c29c87
MD5 hash:
9ef13647102e4284c30a7e3d3e2227c0
SHA1 hash:
36709e87fa7a99589253b45d842470315a67e2ca
Link:
https://www.unpac.me/results/194b9e81-a808-4f18-9bd5-55b501cc8272/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/2457a1b0008c7059b5d58fffadad4e71f8332e9c09ac55f34b0a078363c29c87

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BumbleBeeLoader
Create hunting rule
Author:enzo & kevoreilly
Description:BumbleBee Loader
Rule name:crime_win64_bumbleebee_loader_packed
Create hunting rule
Author:Rony (@r0ny_123)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BumbleBee

iso 9a6803a3a18beabace30fafc51b16aec40c86d32274d206cbd5f171da8e3881f

BumbleBee

Executable exe 2457a1b0008c7059b5d58fffadad4e71f8332e9c09ac55f34b0a078363c29c87

(this sample)

  
Dropped by
SHA256 9a6803a3a18beabace30fafc51b16aec40c86d32274d206cbd5f171da8e3881f
  
Dropped by
MD5 bdb8f624c273c6465c4a77d9286cadc6

Comments