MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6483435f12ab4a0babe3abeda8511e1f00560f1e4482f30fa2ed32daf39c0be1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 4

SHA256 hash: 6483435f12ab4a0babe3abeda8511e1f00560f1e4482f30fa2ed32daf39c0be1
SHA3-384 hash: 2f5a8f535634ebb3f127ad81ace86ba188364e71a94f2cd44b3b735f6b19bebc6c46f4b3f62902f0c40ef5baaeb6a41b
SHA1 hash: 9b107dd8a2d34819bd94dfcc1bb65a0106a95660
MD5 hash: df34f23037c5dc05c2f03513928b4b97
humanhash: alaska-winner-louisiana-carpet
File name: BUMBLEBEE ISO.iso
File size: 2'306'048 bytes
First seen: 2022-03-21 08:30:24 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 49152:5iCsh74TQUm5D0/pwphZ+byFW1igxwlqPGOg14:+2xlALay+LxO1O5
TLSH: T114B57C45A7A804E4DAB6C13CC9569607E7F2B8150370DBDF0AA84AFA0F237D11EBE754
Reporter: JAMESWT_WT
Tags: BUMBLEBEE ISO EXOTICLILY iso

Intelligence


File Origin
# of uploads: 1
# of downloads: 143
Origin country: n/a

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive obfuscated rundll32 rundll32.exe

Result
Verdict: MALICIOUS
Threat name: Win64.Trojan.Emipdiy
Status: Malicious
First seen: 2022-03-21 08:31:17 UTC
File Type: Binary (Archive)
Extracted files: 6
AV detection: 13 of 42 (30.95%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour:
- Suspicious use of WriteProcessMemory
- Enumerates physical storage devices
- Checks computer location settings

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps those samples may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Detect_BazarISO
Author: @johnk3r
Description: Detects BazarISO

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments