MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5dfb336d76117d16f7baecb5653cb86f363c61f2497ad12d1cf47aeb02b5c398. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



BumbleBee


Vendor detections: 3



SHA256 hash: 5dfb336d76117d16f7baecb5653cb86f363c61f2497ad12d1cf47aeb02b5c398
SHA3-384 hash: d2d1ecf9ef9931cecd60bbbbf3446268137d9d91ae5b0dec545aa6ea5d2b3112fd1319865d6841a231b6e4f316e91398
SHA1 hash: 4b4792ffcb57b1942bbad0c0db56cce751181ba1
MD5 hash: 76d35633286e5bf84f477ea691a4bf37
humanhash: white-nevada-green-muppet
File name: invoice_152_request.iso
Signature: BumbleBee
File size: 2'619'392 bytes
First seen: 2022-04-18 21:03:48 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 49152:FsFqGOf5xlR+f195tkEkJtEQKbSj1Nfg9kQ2WbApFCqKyR:qqGOf53Uf5xkbEQCSj16k9WbARK+
TLSH: T132C51322E39FD649F811B6368698E81FC48F68079C738166ED8FCB4A4521611CEFC6F5
TrID:
  99.6% (.NULL) null bytes (2048000/1)
  0.2% (.ATN) Photoshop Action (5007/6/1)
  0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
  0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
  0.0% (.SMT) Memo File Apollo Database Engine (88/84)
Reporter: k3dg3___
Tags: BUMBLEBEE iso

Intelligence


File Origin
# of uploads: 1
# of downloads: 320
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Result
Malware family: n/a
Score: 9/10
Tags: evasion
Behaviour:
  Suspicious behavior: EnumeratesProcesses
  Checks BIOS information in registry
  Identifies Wine through registry keys
  Enumerates VirtualBox registry keys
  Identifies VirtualBox via ACPI registry values (likely anti-VM)
  Looks for VirtualBox Guest Additions in registry
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

BumbleBee

iso 5dfb336d76117d16f7baecb5653cb86f363c61f2497ad12d1cf47aeb02b5c398

(this sample)

  
Delivery method: Distributed via e-mail attachment
