MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 53b3ebaa3c485772f8e6abaa0f366ef192137496a7064e015ced4e6fc204b3c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BumbleBee

Vendor detections: 9

Intelligence 9 IOCs YARA 1 File information Comments

SHA256 hash:	53b3ebaa3c485772f8e6abaa0f366ef192137496a7064e015ced4e6fc204b3c8
SHA3-384 hash:	05d19dc8c441bf03abc0884e818bb03828fb61e7eaad74d4102a857fc514f7182e530697ad6644a2da21e7ca7c9515b5
SHA1 hash:	ac6dff8d2277ad03618e9a464a7b3bb01674ddcd
MD5 hash:	54c0ae8530a79b79d62877e7527e236f
humanhash:	virginia-river-mississippi-crazy
File name:	data.log
Download:	download sample
Signature	BumbleBee Create hunting rule
File size:	2'333'696 bytes
First seen:	2022-03-01 16:17:56 UTC
Last seen:	2022-04-15 13:22:15 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	bc1fc12dfcfbfb96d61fc1ad211049f7 (4 x BumbleBee)
ssdeep	49152:IygszOLIrd+CJawonIPOfKvGRMOKIIIMvqPGsYP:LOFIP3GRh7Mv1ss
Threatray	1'958 similar samples on MalwareBazaar
TLSH	T1DAB57C16A7A804F5C9B6C23CC997960BE7F2B8150770EBDF0AA846B91F637D1163E740
Reporter	Anonymous
Tags:	BUMBLEBEE exe

Intelligence

File Origin

# of uploads :

# of downloads :

242

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

data.log

Verdict:

No threats detected

Analysis date:

2022-03-03 16:32:19 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/89b74611-ab9b-4b6a-abd6-a15c60001be1

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/245888/

Detection(s):

SecuriteInfo.com.DeepScan.Generic.Ursnif.3.1.26E7582F.21371.13526.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Сreating synchronization primitives

Using the Windows Management Instrumentation requests

Creating a file

Sending a custom TCP request

Creating a file in the system32 subdirectories

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/7797/overview

Behaviour

MeasuringTime

EvasionQueryPerformanceCounter

CheckCmdLine

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm greyware ursnif wscript.exe

Link:

https://www.filescan.io/uploads/621e47400cd58dbd925bf610/reports/f1e78b5e-541d-45cc-aa8a-ec888467ed41/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Ramnit

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/3b04cdd5-f53a-43b6-8e70-38ff03546a48

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/948375

Signature

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Sigma detected: Suspicious Call by Ordinal

System process connects to network (likely due to code injection or exploit)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/53b3ebaa3c485772f8e6abaa0f366ef192137496a7064e015ced4e6fc204b3c8/

Threat name:

Win64.Trojan.Ursnif

Status:

Malicious

First seen:

2022-03-01 16:18:14 UTC

File Type:

PE+ (Dll)

Extracted files:

AV detection:

11 of 28 (39.29%)

Threat level:

5/5

Verdict:

malicious

BumbleBee

437f639d05da27e1909877e3f8c39f70ee5d525a8be7c631e69f4141db287ab6

BumbleBee

596b8d2ea9be082c0eea726b7217597fe293eef85069a8dd03a6024b48c7a199

BumbleBee

6eedf45cb91f6762de4e35e36bcb03e5ad60ce9ac5a08caeb7eda035cd74762b

BumbleBee

8396909ec9189c75463b0868cdd5f2535bfd136c6bae194d8b4bfb362cd2ba8b

BumbleBee

d17d26fe698a00cf23683e5df58679d6d1bf18866de4b87edb62a2bc64cb22bc

BumbleBee

d19fdf53603310203c8bc83e1d27e14b60cac0a65932fe3824dedca50ff5c0a9

BumbleBee

d63c19155af0a329cd61cd832d7c4d2d5bbcb61067ea764283b664605979864f

BumbleBee

e8b1a240c6fad4dd2e7bd0b08a0681131f2804d64d58869e60ad333cddc58cb0

BumbleBee

+ 1'948 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/220301-tryhzsccaq/

Behaviour

Blocklisted process makes network request

Unpacked files

SH256 hash:

53b3ebaa3c485772f8e6abaa0f366ef192137496a7064e015ced4e6fc204b3c8

MD5 hash:

54c0ae8530a79b79d62877e7527e236f

SHA1 hash:

ac6dff8d2277ad03618e9a464a7b3bb01674ddcd

Link:

https://www.unpac.me/results/a1acc536-70f6-4ffa-bf31-7a1a770df5c1/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/53b3ebaa3c485772f8e6abaa0f366ef192137496a7064e015ced4e6fc204b3c8

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	sig_6eedf45cb91f6762de4e35e36bcb03e5ad60ce9ac5a08caeb7eda035cd74762b Create hunting rule
Author:	Ian Harte
Description:	CS Payload CVE-2021-40444
Reference:	https://github.com/Neo23x0/yarGen

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/245888/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample