MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e35ce0c3fcdc14d4e441812c7856bdf6428734d8cea0b6d7c075963a5b4b307. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BumbleBee


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8e35ce0c3fcdc14d4e441812c7856bdf6428734d8cea0b6d7c075963a5b4b307
SHA3-384 hash: b971299904e583e62b05762c852ff9b202e2c758fa009f832bf296561b0c390849f0f6c6809bb04a57b1f576f6972f1e
SHA1 hash: 0d3e1b517781983f7b58e7b6b83384e83e8eb640
MD5 hash: 672ef9a2359f36e0a9dcb0227944beeb
humanhash: april-winner-king-two
File name:vEzFDEkEeKmEBW.dll
Download: download sample
Signature BumbleBee
Create hunting rule
File size:2'340'352 bytes
First seen:2022-11-01 05:18:18 UTC
Last seen:2022-11-01 07:23:34 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d704d8f79523ef1fb18dbe49264c7221 (1 x BumbleBee)
ssdeep 49152:+lU8yggsqIDwKXtjC+Nc1zQE5eFCUhVI/VocWPR5/rr23feAH/:8OLspjV1C3/VolfTrKeAf
Threatray 2'464 similar samples on MalwareBazaar
TLSH T1D1B5E043D2B71FAEC063F8BFC8A34517AA5567A6AF13875B124CC26DB8825504F9273C
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter Rony
Tags:BUMBLEBEE dll exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
467
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
vEzFDEkEeKmEBW.dll
Verdict:
No threats detected
Analysis date:
2022-11-01 05:19:28 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/b0f49dff-b0a4-44b0-8b00-6ad60993b082

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Win64.Malware-gen.8296.3201.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/6360ac46736e9d884f0dbeb7/reports/7d3a817a-76c3-4e7a-8748-ede8db8064a5/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Ramnit
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/9caba44c-333d-42a6-a542-881e710f9361
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1102265
Signature
Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Sets debug register (to hijack the execution of another thread)
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 734927 Sample: vEzFDEkEeKmEBW.dll.exe Startdate: 01/11/2022 Architecture: WINDOWS Score: 76 32 Snort IDS alert for network traffic 2->32 34 Malicious sample detected (through community Yara rule) 2->34 36 Antivirus detection for URL or domain 2->36 7 loaddll64.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 rundll32.exe 7->11         started        14 rundll32.exe 7->14         started        16 6 other processes 7->16 signatures5 18 rundll32.exe 9->18         started        40 Sets debug register (to hijack the execution of another thread) 11->40 22 WerFault.exe 20 9 14->22         started        24 WerFault.exe 9 16->24         started        process6 dnsIp7 26 87.63.59.62, 144 TDCTDCASDK Denmark 18->26 28 208.5.49.168, 339 SPRINTLINKUS United States 18->28 30 13 other IPs or domains 18->30 38 System process connects to network (likely due to code injection or exploit) 18->38 signatures8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8e35ce0c3fcdc14d4e441812c7856bdf6428734d8cea0b6d7c075963a5b4b307/
Threat name:
Win64.Downloader.BumbleBee
Create hunting rule
Status:
Malicious
First seen:
2022-10-31 19:39:31 UTC
File Type:
PE+ (Dll)
Extracted files:
1
AV detection:
19 of 26 (73.08%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ry244db7zxau2tsedajmpbll35scq42nrtvaw3l4a5mwhjnuwmdq._file
Verdict:
malicious
Similar samples:
7e7ca9fef0083b88e55d517ada57c8a51018000e601d6043815558445277f913
BumbleBee
9938cd36c4ba702ce2b134f842c69b71cb56e11bb2dcbfd479074cda88403994
BumbleBee
a0ef27df11265b6574151454bd072b2854b26512fa7be152e3ddd316833408c9
BumbleBee
c78290da99475f965ce54f737e0927a9855e03c9a27f2ee7a797562533779305
BumbleBee
ddb9895f9e74d3e7db4e94aa77338fdc221ed29f29857a9752545cddcf8f45a6
BumbleBee
e8b1a240c6fad4dd2e7bd0b08a0681131f2804d64d58869e60ad333cddc58cb0
BumbleBee
+ 2'454 additional samples on MalwareBazaar
Result
Malware family:
bumblebee
Create hunting rule
Score:
  10/10
Tags:
family:bumblebee botnet:2710vm trojan
Link:
https://tria.ge/reports/221101-fztywagda7/
Behaviour
Suspicious use of NtCreateThreadExHideFromDebugger
Blocklisted process makes network request
BumbleBee
Malware Config
C2 Extraction:
23.106.160.141:443
198.98.56.242:443
104.244.77.61:443
Unpacked files
SH256 hash:
8e35ce0c3fcdc14d4e441812c7856bdf6428734d8cea0b6d7c075963a5b4b307
MD5 hash:
672ef9a2359f36e0a9dcb0227944beeb
SHA1 hash:
0d3e1b517781983f7b58e7b6b83384e83e8eb640
Link:
https://www.unpac.me/results/e3d4638f-a5a7-40f6-9ae0-61e33d371c2f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8e35ce0c3fcdc14d4e441812c7856bdf6428734d8cea0b6d7c075963a5b4b307

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments