MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a49e2f06ba48d3a88fdeb83fb8021f3d165535e8ea5319b16a7ebe4da9c0751. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BumbleBee


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4a49e2f06ba48d3a88fdeb83fb8021f3d165535e8ea5319b16a7ebe4da9c0751
SHA3-384 hash: 74edb354b5439e21fc87ee81e4ab1c57989ccd87aa876fad08b897b63a5549f18e03f2765af88268ce569559a8ee6126
SHA1 hash: aa157fabb858a9e7ae0d138246545f776934cba7
MD5 hash: c9e37a67f7e3dd3826c23ee04a62ec7b
humanhash: jersey-purple-east-pennsylvania
File name:4a49e2f06ba48d3a88fdeb83fb8021f3d165535e8ea5319b16a7ebe4da9c0751
Download: download sample
Signature BumbleBee
Create hunting rule
File size:2'856'448 bytes
First seen:2022-04-15 13:22:48 UTC
Last seen:2022-04-20 10:24:48 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 1d82bf632cebe965dec26a1a33b3e5dc (1 x BumbleBee)
ssdeep 49152:+jThLI9aW/+9xRAfRJiN9KtmkP8vfuGia3F2JgN8kupvjgi3M8pp/:+XdO+9x4JiN9umkP8vfuGia3F2JgN8kG
Threatray 2'061 similar samples on MalwareBazaar
TLSH T1A9D5F19EDD96EA428C2044F43E9FC3E13549A648D0FE0EA198BD503A92D587D35FF29C
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter JAMESWT_WT
Tags:BUMBLEBEE exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
412
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
4a49e2f06ba48d3a88fdeb83fb8021f3d165535e8ea5319b16a7ebe4da9c0751
Verdict:
No threats detected
Analysis date:
2022-04-15 13:28:58 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/263fce8f-0222-4c44-8625-833f84861378

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/263996/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/13973/overview
Behaviour
MalwareBazaar
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/625971c0eab80a7a6c1c6bb4/reports/56328862-aadd-41b2-851c-2d9ff041ffc5/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/5223d0a2-bcfb-462a-9b43-433c1a2cb5ff
Result
Threat name:
BumbleBee
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/977413
Signature
C2 URLs / IPs found in malware configuration
Contain functionality to detect virtual machines
Found malware configuration
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Searches for specific processes (likely to inject)
Sigma detected: Suspicious Call by Ordinal
System process connects to network (likely due to code injection or exploit)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected BumbleBee
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4a49e2f06ba48d3a88fdeb83fb8021f3d165535e8ea5319b16a7ebe4da9c0751/
Threat name:
Win64.Trojan.Bumbleloader
Create hunting rule
Status:
Malicious
First seen:
2022-04-07 01:13:00 UTC
File Type:
PE+ (Dll)
AV detection:
19 of 42 (45.24%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0659390fe57012c9d29bacb0e85b61f7de968a6008f91d9c729e18c784b2cca1
BumbleBee
5be0c2df3f2dbca7bfbe77a8eb96abc472bfc6a566aa26cccd8e9937f446dad3
BumbleBee
60ffd58d499a7b7325e63596fc8f14b570f60112bff2e8c69632002ea0cff7ef
BumbleBee
6168d9f1cb0bc329fe76a0ebb8a782617de9bb0da2372e1f2728db856daf5007
BumbleBee
88851c425fbc7879abe5838f3e072d18e350b21ca9fe367e6d9fb7bd27585753
BumbleBee
9fd92b2633147d58a5d4a28d1f5f66a11873c4185c44429295cda9956defa6d4
BumbleBee
f98898df74fb2b2fad3a2ea2907086397b36ae496ef3f4454bf6b7125fc103b8
BumbleBee
+ 2'051 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
evasion
Link:
https://tria.ge/reports/220415-qmsv6aead4/
Behaviour
Suspicious behavior: EnumeratesProcesses
Checks BIOS information in registry
Identifies Wine through registry keys
Enumerates VirtualBox registry keys
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Looks for VirtualBox Guest Additions in registry
Unpacked files
SH256 hash:
4a49e2f06ba48d3a88fdeb83fb8021f3d165535e8ea5319b16a7ebe4da9c0751
MD5 hash:
c9e37a67f7e3dd3826c23ee04a62ec7b
SHA1 hash:
aa157fabb858a9e7ae0d138246545f776934cba7
Link:
https://www.unpac.me/results/2eb33516-6a28-4679-b418-afb6aa7251fd/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/4a49e2f06ba48d3a88fdeb83fb8021f3d165535e8ea5319b16a7ebe4da9c0751

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/263996/

Comments