MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 25ccf19af5dac51ec76ce6da1d2958d5dee34e50e78938b187b627f8771317d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BumbleBee


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 25ccf19af5dac51ec76ce6da1d2958d5dee34e50e78938b187b627f8771317d1
SHA3-384 hash: 1c98d8b685cc08f5d2e97ddd043860402701b88099085fdc33f99fc4d200ae40d9b845c03f8a332b8aca593fe442ac80
SHA1 hash: c3bb172894a4e0e1ecc93fcd1bd78450ab4ca195
MD5 hash: b07d064220b48ac3b110e6ebe1e4f542
humanhash: lamp-cup-shade-four
File name:desk.dll
Download: download sample
Signature BumbleBee
Create hunting rule
File size:1'252'864 bytes
First seen:2022-05-11 17:56:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 220e1d3578c56ebb1f1193aed07050a8 (1 x BumbleBee)
ssdeep 24576:dSjYvwTRvpA44SNKeysw9VJFtyzDf5WF313pyLS9cUGt2Z8gUHc43Zx:dSjY4TRvyem9VJFAXM7pGDRt2ZxTqZx
Threatray 2'157 similar samples on MalwareBazaar
TLSH T148459FD763EE3C61E2C0A5B786847579483FB76B85E327E82E564E3A1E284107F70D24
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter Anonymous
Tags:BUMBLEBEE dll exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
309
Origin country :
n/a
Vendor Threat Intelligence
Detection:
BumbleBee
Create hunting rule
Link:
https://www.capesandbox.com/analysis/269754/
Result
Verdict:
Clean
Maliciousness:
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/17177/overview
Behaviour
MalwareBazaar
MeasuringTime
CPUID_Instruction
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/627bf8cab119a5f609bb97f0/reports/90f522a2-65af-4c27-b0ad-7f06fad53ac3/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/52306ee2-1f9d-4273-ac9c-116a559a6dc3
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/992097
Signature
Found potential dummy code loops (likely to delay analysis)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
System process connects to network (likely due to code injection or exploit)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/25ccf19af5dac51ec76ce6da1d2958d5dee34e50e78938b187b627f8771317d1/
Threat name:
Win64.Trojan.BumbleBee
Create hunting rule
Status:
Malicious
First seen:
2022-05-11 17:35:51 UTC
File Type:
PE+ (Dll)
Extracted files:
1
AV detection:
16 of 26 (61.54%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=exgpdgxv3lcr5r3m43nb2kky2xpogtsq46etrmmhwyt7q5ytc7iq._file
Verdict:
unknown
Similar samples:
0555b34b40f176362f5b9e070253358d8faec831f9675c03adfdb2929d168ee8
BumbleBee
0659390fe57012c9d29bacb0e85b61f7de968a6008f91d9c729e18c784b2cca1
BumbleBee
13aa6bed5b3a656b9c86cc2d397f765779f4a7dff49f73d58bd97e11423e0635
BumbleBee
2421c5815103b12aefee6faecb1ebbe910c6a17c7ed68f0d7bb2064ec4e97291
BumbleBee
26af00a279ce082c2bb1db2cb50d2d590623e3f20e6c260d77ca77bf72b51797
BumbleBee
3a52c4f27db221ed975af3d38ac4b9060203b9c6fb3532cdc61b969e21ca666c
BumbleBee
596b8d2ea9be082c0eea726b7217597fe293eef85069a8dd03a6024b48c7a199
BumbleBee
c65c51ed60f91a92789c4b056821ef51252baa2a1679a6513ab008acf0464ccb
BumbleBee
d19fdf53603310203c8bc83e1d27e14b60cac0a65932fe3824dedca50ff5c0a9
BumbleBee
e8b1a240c6fad4dd2e7bd0b08a0681131f2804d64d58869e60ad333cddc58cb0
BumbleBee
+ 2'147 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
evasion
Link:
https://tria.ge/reports/220511-wjkchahefm/
Behaviour
Suspicious behavior: EnumeratesProcesses
Checks BIOS information in registry
Identifies Wine through registry keys
Enumerates VirtualBox registry keys
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Looks for VirtualBox Guest Additions in registry
Unpacked files
SH256 hash:
25ccf19af5dac51ec76ce6da1d2958d5dee34e50e78938b187b627f8771317d1
MD5 hash:
b07d064220b48ac3b110e6ebe1e4f542
SHA1 hash:
c3bb172894a4e0e1ecc93fcd1bd78450ab4ca195
Link:
https://www.unpac.me/results/4dedd06c-33ab-474d-bf73-3729a85aaaf9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/25ccf19af5dac51ec76ce6da1d2958d5dee34e50e78938b187b627f8771317d1

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:crime_win64_bumbleebee_loader_packed
Create hunting rule
Author:Rony (@r0ny_123)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/269754/

Comments