MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5be0c2df3f2dbca7bfbe77a8eb96abc472bfc6a566aa26cccd8e9937f446dad3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BumbleBee

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	5be0c2df3f2dbca7bfbe77a8eb96abc472bfc6a566aa26cccd8e9937f446dad3
SHA3-384 hash:	951f83fbb4c597ecafcd82bde4c10f667622e0a82a75475267374053a028e123f1468f2dc0a93f7883eb0ca4d01111fd
SHA1 hash:	dd803a0e41bdaa2c2d6ee86bb0dfa288da788bce
MD5 hash:	8dbc3035b9bb7ba4e7cac241038d239a
humanhash:	pip-social-mexico-green
File name:	autorun.dll
Download:	download sample
Signature	BumbleBee Create hunting rule
File size:	2'935'808 bytes
First seen:	2022-04-12 16:12:04 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	708e5362b020437910496bc30e1d0517 (1 x BumbleBee)
ssdeep	49152:Uahx4O5E8i+IPSliaD9N0Hq5R+jJaRzj4t8MzSRMpENkyk/priDTnJK:fxy8i9snaq5R+jJaRz
Threatray	2'054 similar samples on MalwareBazaar
TLSH	T170D5F18D89378859CD2126BC2C6F63913F9D26DED8C887770358ED357AA243F60CA974
Reporter	pr0xylife
Tags:	BUMBLEBEE exe

Intelligence

File Origin

# of uploads :

# of downloads :

368

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

bb.dll

Verdict:

No threats detected

Analysis date:

2022-04-12 18:40:57 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/2d9d760c-cf10-481e-b561-f1849fe66439

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/263168/

Detection(s):

SecuriteInfo.com.W64.Kryptik.GKA.genEldorado.29722.19152.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Result

Malware family:

n/a

Score:

0/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/13658/overview

Verdict:

No Threat

Threat level:

2/10

Confidence:

100%

Tags:

replace.exe shell32.dll

Link:

https://www.filescan.io/uploads/6255a511eab80a7a6c01da04/reports/513155bc-e8ef-44fb-98e5-6a9a3f835ef8/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/0dbdfabe-c8b6-4cd0-8b9a-dd9fe4397299

Result

Threat name:

BumbleBee

Detection:

malicious

Classification:

troj.evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/975565

Signature

Contain functionality to detect virtual machines

Multi AV Scanner detection for submitted file

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Searches for specific processes (likely to inject)

Sigma detected: Suspicious Call by Ordinal

System process connects to network (likely due to code injection or exploit)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected BumbleBee

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5be0c2df3f2dbca7bfbe77a8eb96abc472bfc6a566aa26cccd8e9937f446dad3/

Threat name:

Win64.Trojan.Bumbleloader

Status:

Malicious

First seen:

2022-04-12 16:13:09 UTC

File Type:

PE+ (Dll)

AV detection:

15 of 26 (57.69%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=lpqmfxz7fw6kpp56o6uoxfvlyrzl7rvfm2vcntgnr2mtp5cg3ljq._file

Verdict:

malicious

BumbleBee

60ffd58d499a7b7325e63596fc8f14b570f60112bff2e8c69632002ea0cff7ef

BumbleBee

6168d9f1cb0bc329fe76a0ebb8a782617de9bb0da2372e1f2728db856daf5007

BumbleBee

88851c425fbc7879abe5838f3e072d18e350b21ca9fe367e6d9fb7bd27585753

BumbleBee

9fd92b2633147d58a5d4a28d1f5f66a11873c4185c44429295cda9956defa6d4

BumbleBee

e8b1a240c6fad4dd2e7bd0b08a0681131f2804d64d58869e60ad333cddc58cb0

BumbleBee

f98898df74fb2b2fad3a2ea2907086397b36ae496ef3f4454bf6b7125fc103b8

BumbleBee

+ 2'044 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

9/10

Tags:

evasion

Link:

https://tria.ge/reports/220412-tn3crsgfd6/

Behaviour

Suspicious behavior: EnumeratesProcesses

Checks BIOS information in registry

Identifies Wine through registry keys

Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VirtualBox Guest Additions in registry

Unpacked files

SH256 hash:

5be0c2df3f2dbca7bfbe77a8eb96abc472bfc6a566aa26cccd8e9937f446dad3

MD5 hash:

8dbc3035b9bb7ba4e7cac241038d239a

SHA1 hash:

dd803a0e41bdaa2c2d6ee86bb0dfa288da788bce

Link:

https://www.unpac.me/results/02d3211f-258b-4476-811c-7bc7b8f9ab35/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/263168/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample