MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 533a64b3cc5a88f54855a46a0fd146881cfd35c6e3ae246cd7f5be6efcc83ec6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BumbleBee


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 533a64b3cc5a88f54855a46a0fd146881cfd35c6e3ae246cd7f5be6efcc83ec6
SHA3-384 hash: edff19867ea356ae5339113fc778f607fe6919e9edb038716dfbcf9df6c80ad8c98b64ce3d6cf00f3fb751b219e950dd
SHA1 hash: d5b6ca14a11377c3163c33aa093be1204f649772
MD5 hash: 409502b97ae5978df137e47fda415cf1
humanhash: golf-seventeen-blossom-emma
File name:SecuriteInfo.com.Win64.DropperX-gen.15729.4234
Download: download sample
Signature BumbleBee
Create hunting rule
File size:1'226'256 bytes
First seen:2023-05-20 02:29:34 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 47e01530ad43ec939d1c47709a80a5c6 (29 x BumbleBee)
ssdeep 24576:+f1mNgvhcTL+puoCTrQwYKUkzGE0MbyvDPZGz7VlWnJ0iKS0tMNiW:dQS+WvVUxle5W
Threatray 954 similar samples on MalwareBazaar
TLSH T13D45F111E6921FF8E466927681AB252FBB303E184325D37BABC0C2377D927D45F1A760
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter SecuriteInfoCom
Tags:BUMBLEBEE exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
290
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Win64.DropperX-gen.15729.4234
Verdict:
No threats detected
Analysis date:
2023-05-20 02:31:31 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ad09c0d4-ec10-4a63-b9ae-9be7de5251e7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Win64.DropperX-gen.15729.4234.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/646830adbb4e3c3ac3e107ce/reports/10697552-389e-40ae-9c0b-f9e2522133e0/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/533a64b3cc5a88f54855a46a0fd146881cfd35c6e3ae246cd7f5be6efcc83ec6
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/e88cebec-6cb0-4b7f-96cf-9b729557ff95
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1237832
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 870827 Sample: SecuriteInfo.com.Win64.Drop... Startdate: 20/05/2023 Architecture: WINDOWS Score: 48 28 Multi AV Scanner detection for submitted file 2->28 8 loaddll64.exe 1 2->8         started        process3 process4 10 cmd.exe 1 8->10         started        12 rundll32.exe 8->12         started        14 rundll32.exe 8->14         started        16 5 other processes 8->16 process5 18 rundll32.exe 10->18         started        20 WerFault.exe 21 9 12->20         started        22 WerFault.exe 9 14->22         started        24 WerFault.exe 9 16->24         started        process6 26 WerFault.exe 9 18->26         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/533a64b3cc5a88f54855a46a0fd146881cfd35c6e3ae246cd7f5be6efcc83ec6/
Threat name:
Win64.Trojan.Bumbleloader
Create hunting rule
Status:
Malicious
First seen:
2023-05-20 02:30:08 UTC
File Type:
PE+ (Dll)
Extracted files:
2
AV detection:
12 of 24 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=km5gjm6mlkepkscvurva7ukgraop2nog4oxci3gx6w7g57gih3da._file
Verdict:
malicious
Similar samples:
1204e4696d0d772fa1427b09cc9aa9220da5cde89ebd6bf8fb0ba91153a042f3
BumbleBee
15b54ec76f69f3a5260e7ea1be48135828082d59e88edad043434af3f5f65ca0
BumbleBee
22660e6687461301bbf29d313ecc4d4bc926651698cc0b145d7844e3115900b4
BumbleBee
32fb748a0edff589f8dd92fe17ee7bd3a29a6d874846e83c0101cbac86ce548f
BumbleBee
67bbd7501acba95a94a174e9207035d1deb292d2d1752cbc5073d06cc724d24a
BumbleBee
78cf36a4dc3af2ffb0dd7fe40e67804899e4940d8ee142bfa19b3ebb02462684
BumbleBee
8e8e213d3be36b54778b1bd04b565225c50530b82dd57c6354922eb3e9cb7137
BumbleBee
c7c3e25459e175c01298b4ac9669862d261d99560c9344f17fbc6c971d6db414
BumbleBee
d4eaf1e515482cd249f3c821400f76a7baf343addd9db78c5663f6e65268c315
BumbleBee
d5f0a275463d5c31d8921951aa94f0733e97271a881732512bd104a818455b0b
BumbleBee
+ 944 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230520-cy53zace9x/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
533a64b3cc5a88f54855a46a0fd146881cfd35c6e3ae246cd7f5be6efcc83ec6
MD5 hash:
409502b97ae5978df137e47fda415cf1
SHA1 hash:
d5b6ca14a11377c3163c33aa093be1204f649772
Link:
https://www.unpac.me/results/e9862b62-88e6-4469-87b9-9c5848c592d7/
Malware family:
BumbleBee
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/533a64b3cc5a/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/533a64b3cc5a88f54855a46a0fd146881cfd35c6e3ae246cd7f5be6efcc83ec6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments