MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c4953b9bdb0f239ffa46c9104258eaba8a36b6156f3a9890e08d81bc2cacacc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7c4953b9bdb0f239ffa46c9104258eaba8a36b6156f3a9890e08d81bc2cacacc
SHA3-384 hash: 558031c4290c3e10866eca50cc13ea6a175b4afe7fbdf4ce526bcccc2ef03eb98dd3634eba6472976b092bfe59f10716
SHA1 hash: 5edd38330eedce237fe9a53751fe1012db534218
MD5 hash: 4286dc39760eca96dfddfba5d7231bde
humanhash: bluebird-ohio-mars-snake
File name:bere3.dll
Download: download sample
File size:2'555'392 bytes
First seen:2022-04-19 10:49:02 UTC
Last seen:2022-04-20 10:21:25 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2310f9a838371220cf65a7f668b2a0e6
ssdeep 49152:6sFqGOf5xlR+f195tkEkJtEQKbSj1Nfg9kQ2WbApFCqKyR:VqGOf53Uf5xkbEQCSj16k9WbARK+
Threatray 2'065 similar samples on MalwareBazaar
TLSH T1BEC51262E3DFD649F811B6368798E81FC88E68079C638166ED8FCB4A4424611CEFC5F5
TrID 45.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
18.3% (.EXE) OS/2 Executable (generic) (2029/13)
18.0% (.EXE) Generic Win/DOS Executable (2002/3)
18.0% (.EXE) DOS Executable Generic (2000/1)
Reporter Anonymous
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
231
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/264591/
Detection(s):
SecuriteInfo.com.UDS.Trojan.Win32.Khalesi.32058.3909.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/625e93a3ffe27d51190ab7a3/reports/91c85585-f0b1-406d-b3f9-7c1de96362ca/overview
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/eef3cff6-9479-4309-ad7c-eea6a58b89ff
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/978453
Signature
Contain functionality to detect virtual machines
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Searches for specific processes (likely to inject)
Sigma detected: Suspicious Call by Ordinal
System process connects to network (likely due to code injection or exploit)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7c4953b9bdb0f239ffa46c9104258eaba8a36b6156f3a9890e08d81bc2cacacc/
Threat name:
Win64.Trojan.Bumbleloader
Create hunting rule
Status:
Malicious
First seen:
2022-04-18 21:05:29 UTC
File Type:
PE+ (Dll)
AV detection:
17 of 38 (44.74%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0555b34b40f176362f5b9e070253358d8faec831f9675c03adfdb2929d168ee8
0659390fe57012c9d29bacb0e85b61f7de968a6008f91d9c729e18c784b2cca1
5be0c2df3f2dbca7bfbe77a8eb96abc472bfc6a566aa26cccd8e9937f446dad3
60ffd58d499a7b7325e63596fc8f14b570f60112bff2e8c69632002ea0cff7ef
6168d9f1cb0bc329fe76a0ebb8a782617de9bb0da2372e1f2728db856daf5007
88851c425fbc7879abe5838f3e072d18e350b21ca9fe367e6d9fb7bd27585753
9fd92b2633147d58a5d4a28d1f5f66a11873c4185c44429295cda9956defa6d4
e8b1a240c6fad4dd2e7bd0b08a0681131f2804d64d58869e60ad333cddc58cb0
f98898df74fb2b2fad3a2ea2907086397b36ae496ef3f4454bf6b7125fc103b8
+ 2'055 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
evasion
Link:
https://tria.ge/reports/220419-mwpy3sdbhn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Checks BIOS information in registry
Identifies Wine through registry keys
Enumerates VirtualBox registry keys
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Looks for VirtualBox Guest Additions in registry
Unpacked files
SH256 hash:
7c4953b9bdb0f239ffa46c9104258eaba8a36b6156f3a9890e08d81bc2cacacc
MD5 hash:
4286dc39760eca96dfddfba5d7231bde
SHA1 hash:
5edd38330eedce237fe9a53751fe1012db534218
Link:
https://www.unpac.me/results/59a3dd02-85f9-47b5-acb7-c76ecc4db79b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/7c4953b9bdb0f239ffa46c9104258eaba8a36b6156f3a9890e08d81bc2cacacc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

BumbleBee

iso 5dfb336d76117d16f7baecb5653cb86f363c61f2497ad12d1cf47aeb02b5c398

Executable exe 7c4953b9bdb0f239ffa46c9104258eaba8a36b6156f3a9890e08d81bc2cacacc

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/264591/
  
Dropped by
SHA256 5dfb336d76117d16f7baecb5653cb86f363c61f2497ad12d1cf47aeb02b5c398
  
Dropped by
MD5 76d35633286e5bf84f477ea691a4bf37

Comments