MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51bb71bd446bd7fc03cc1234fcc3f489f10db44e312c9ce619b937fad6912656. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BumbleBee

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	51bb71bd446bd7fc03cc1234fcc3f489f10db44e312c9ce619b937fad6912656
SHA3-384 hash:	40a8a6b9b726f1122e9294bcbb3db29daa13313b9bfaea7a5f3ca51ba1b364113aebf0f516a37e337d72d167b3197abf
SHA1 hash:	4501edd7904033cfdee783c03af2df0db935be30
MD5 hash:	a740177df6f2918373d4e6f482b8c2e3
humanhash:	carpet-papa-idaho-harry
File name:	sample.dll
Download:	download sample
Signature	BumbleBee Create hunting rule
File size:	924'672 bytes
First seen:	2023-02-03 17:39:49 UTC
Last seen:	2023-02-03 19:38:49 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	5b5de5739f4fcbaa215d9c878921b5a7 (1 x BumbleBee)
ssdeep	24576:gYfSxQ6Gjq/v/PQ7fV+Hz9PuYWp9ToAbXjTA+JxN9QS:/fSqovPQ7Cs9FbTTAAbx
Threatray	3'032 similar samples on MalwareBazaar
TLSH	T18E150105E6D60EDED12AC3FB44920135E525F335A510E9BF4A8CB76EED227E14236E2C
TrID	45.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 18.3% (.EXE) OS/2 Executable (generic) (2029/13) 18.0% (.EXE) Generic Win/DOS Executable (2002/3) 18.0% (.EXE) DOS Executable Generic (2000/1)
Reporter	604Kuzushi
Tags:	BUMBLEBEE exe

604Kuzushi

Via hxxp[://comunidadnft[.com/view.png

Intelligence

File Origin

# of uploads :

# of downloads :

229

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

sample.dll

Verdict:

Malicious activity

Analysis date:

2023-02-03 17:41:36 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/5bf5894b-1e85-42fc-bc0a-72dac8230416

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/359992/

Detection(s):

SecuriteInfo.com.Win64.DropperX-gen.9356.10400.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/63dd46f41c9cbf7d6255a359/reports/f11a9496-a6f4-45ab-a38a-e3ac49725abd/overview

Verdict:

Malicious

Labled as:

Win64/Kryptik_AGeneric.FM trojan

Link:

https://www.hybrid-analysis.com/sample/51bb71bd446bd7fc03cc1234fcc3f489f10db44e312c9ce619b937fad6912656

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/723ce040-bd1b-4248-9ba5-a92ca0e2fab6

Result

Threat name:

BumbleBee

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1165314

Signature

C2 URLs / IPs found in malware configuration

Contain functionality to detect virtual machines

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Searches for specific processes (likely to inject)

Sets debug register (to hijack the execution of another thread)

Snort IDS alert for network traffic

System process connects to network (likely due to code injection or exploit)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected BumbleBee

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/51bb71bd446bd7fc03cc1234fcc3f489f10db44e312c9ce619b937fad6912656/

Threat name:

Win64.Trojan.Bumbleloader

Status:

Malicious

First seen:

2023-02-03 17:40:07 UTC

File Type:

PE+ (Dll)

Extracted files:

AV detection:

14 of 26 (53.85%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=kg5xdpkenpl7ya6mci2pzq7urhyq3ncogewjzzqzxe37vvurezla._file

Verdict:

malicious

BumbleBee

9938cd36c4ba702ce2b134f842c69b71cb56e11bb2dcbfd479074cda88403994

BumbleBee

a0ef27df11265b6574151454bd072b2854b26512fa7be152e3ddd316833408c9

BumbleBee

c78290da99475f965ce54f737e0927a9855e03c9a27f2ee7a797562533779305

BumbleBee

ddb9895f9e74d3e7db4e94aa77338fdc221ed29f29857a9752545cddcf8f45a6

BumbleBee

e78686c842f5497fa096978d9c4e7b4bff76cb4f34bba2a9d4fb64d06e554a2f

BumbleBee

+ 3'022 additional samples on MalwareBazaar

Result

Malware family:

bumblebee

Score:

10/10

Tags:

family:bumblebee botnet:tokdll trojan

Link:

https://tria.ge/reports/230203-v8vn4agd43/

Behaviour

Suspicious use of NtCreateThreadExHideFromDebugger

Blocklisted process makes network request

BumbleBee

Malware Config

C2 Extraction:

195.20.17.233:443
192.111.146.189:443
62.113.238.73:443

Unpacked files

SH256 hash:

51bb71bd446bd7fc03cc1234fcc3f489f10db44e312c9ce619b937fad6912656

MD5 hash:

a740177df6f2918373d4e6f482b8c2e3

SHA1 hash:

4501edd7904033cfdee783c03af2df0db935be30

Link:

https://www.unpac.me/results/0056999d-9e97-4dfd-924d-f78abdf9f778/

Malware family:

BumbleBee

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/51bb71bd446b/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/51bb71bd446bd7fc03cc1234fcc3f489f10db44e312c9ce619b937fad6912656

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/359992/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample