MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f47c3962a7c418bae71fec42bbca9524b72f8f0fd2dd81d1175138f7d20b2f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BumbleBee


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8f47c3962a7c418bae71fec42bbca9524b72f8f0fd2dd81d1175138f7d20b2f7
SHA3-384 hash: b9e65f227630604825f43f4bd91b33e0190bb4077393c6dd558cc1a93cd4492eb46c565476c1f88d49e676525b7a4548
SHA1 hash: bfc8b6501dfac4583979f12552535c2923b881bf
MD5 hash: 8335ad591afdfdd65f90536b9ff15597
humanhash: alabama-michigan-ceiling-timing
File name:8f47c3962a7c418bae71fec42bbca9524b72f8f0fd2dd81d1175138f7d20b2f7
Download: download sample
Signature BumbleBee
Create hunting rule
File size:2'859'008 bytes
First seen:2022-04-15 13:22:01 UTC
Last seen:2022-04-20 10:21:40 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 62a174d0376a123f2ed2397c507a8972 (1 x BumbleBee)
ssdeep 49152:K1GTzcSFGB0tWWYLGPFn7aRmNkk/yCAgQ2MccAnpgSpWaI7+lNOl7AmWzOCI9e:K1G3lExTLGtomNkk/yCAgQ2MccAnpgSR
Threatray 2'061 similar samples on MalwareBazaar
TLSH T11AD5E15FCD96EA52DC3040E43EEF83D0665DA644C4FA0EA2A4AD5039C3D687D35AF29C
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter JAMESWT_WT
Tags:BUMBLEBEE exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
396
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
8f47c3962a7c418bae71fec42bbca9524b72f8f0fd2dd81d1175138f7d20b2f7
Verdict:
No threats detected
Analysis date:
2022-04-15 13:26:38 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/e75a5971-3167-423e-abde-302e07b99688

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/263991/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.50083556.6716.8756.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/13969/overview
Behaviour
MalwareBazaar
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6259717effe27d5119dab9e7/reports/4b4c8444-b644-401e-9fe9-29f4df668df3/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a1b40729-6f12-4653-9cd4-ef5da4efc5c1
Result
Threat name:
BumbleBee
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/977411
Signature
C2 URLs / IPs found in malware configuration
Contain functionality to detect virtual machines
Found malware configuration
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Searches for specific processes (likely to inject)
Sigma detected: Suspicious Call by Ordinal
System process connects to network (likely due to code injection or exploit)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected BumbleBee
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8f47c3962a7c418bae71fec42bbca9524b72f8f0fd2dd81d1175138f7d20b2f7/
Threat name:
Win64.Trojan.Bumbleloader
Create hunting rule
Status:
Malicious
First seen:
2022-04-07 01:34:00 UTC
File Type:
PE+ (Dll)
AV detection:
19 of 42 (45.24%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0659390fe57012c9d29bacb0e85b61f7de968a6008f91d9c729e18c784b2cca1
BumbleBee
5be0c2df3f2dbca7bfbe77a8eb96abc472bfc6a566aa26cccd8e9937f446dad3
BumbleBee
60ffd58d499a7b7325e63596fc8f14b570f60112bff2e8c69632002ea0cff7ef
BumbleBee
6168d9f1cb0bc329fe76a0ebb8a782617de9bb0da2372e1f2728db856daf5007
BumbleBee
88851c425fbc7879abe5838f3e072d18e350b21ca9fe367e6d9fb7bd27585753
BumbleBee
9fd92b2633147d58a5d4a28d1f5f66a11873c4185c44429295cda9956defa6d4
BumbleBee
f98898df74fb2b2fad3a2ea2907086397b36ae496ef3f4454bf6b7125fc103b8
BumbleBee
+ 2'051 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
evasion
Link:
https://tria.ge/reports/220415-ql79fseab4/
Behaviour
Suspicious behavior: EnumeratesProcesses
Checks BIOS information in registry
Identifies Wine through registry keys
Enumerates VirtualBox registry keys
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Looks for VirtualBox Guest Additions in registry
Unpacked files
SH256 hash:
8f47c3962a7c418bae71fec42bbca9524b72f8f0fd2dd81d1175138f7d20b2f7
MD5 hash:
8335ad591afdfdd65f90536b9ff15597
SHA1 hash:
bfc8b6501dfac4583979f12552535c2923b881bf
Link:
https://www.unpac.me/results/fb927d76-50b2-4c8c-a3c8-d7351c5b7e28/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/8f47c3962a7c418bae71fec42bbca9524b72f8f0fd2dd81d1175138f7d20b2f7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/263991/

Comments