MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9a149522394b1718586436d43d72a9c9fece1f5c63478b6045b99421a35afecb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



BumbleBee


Vendor detections: 14



SHA256 hash: 9a149522394b1718586436d43d72a9c9fece1f5c63478b6045b99421a35afecb
SHA3-384 hash: 47e2b80a0330b237e394525e2f955967affe374c56e93aaeefe15d147278c6ea0a453b6dfdf8b96dffd36dc60d6365e1
SHA1 hash: f6554c45d574e960ed5f262779ff5aaeb928384e
MD5 hash: 63f8c02fa87e750af09aad4f48b1aa4b
humanhash: fillet-washington-romeo-maryland
File name: amateur.dll
Signature BumbleBee
File size: 1'081'856 bytes
First seen: 2023-02-15 05:11:14 UTC
Last seen: 2023-02-15 06:29:43 UTC
File type: Executable exe
MIME type:application/x-dosexec
imphash 25b5edb4cd709316692ebfcfaca9f949 (2 x BumbleBee)
ssdeep 24576:dTOm8Acqmr0tSEud7LgCgF1ZlPluqzGfGhu7h:dzcZotSwCgHEqzG+4
Threatray 3'127 similar samples on MalwareBazaar
TLSH T17A35E007B67E0BBBC032DA3689E701D2EB3176A3E712476F458981283D977415EA7339
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter Rony
Tags: 132lg BUMBLEBEE dll exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 248
Origin country: IN
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: amateur.dll
Verdict: Malicious activity
Analysis date: 2023-02-15 05:12:43 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: cobalt greyware packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: BumbleBee
Detection: malicious
Classification: troj.evad
Score: 100 / 100
Behaviour
Behavior Graph: n/a
Threat name: Win64.Trojan.BumbleBee
Status: Malicious
First seen: 2023-02-13 23:40:53 UTC
File Type: PE+ (Dll)
Extracted files: 1
AV detection: 21 of 25 (84.00%)
Threat level: 5/5
Result
Malware family: bumblebee
Score: 10/10
Tags: family:bumblebee botnet:132lg trojan
Behaviour
Suspicious use of NtCreateThreadExHideFromDebugger
Blocklisted process makes network request
BumbleBee
Malware Config
C2 Extraction:
Unpacked files
SHA256 hash: 9a149522394b1718586436d43d72a9c9fece1f5c63478b6045b99421a35afecb
MD5 hash: 63f8c02fa87e750af09aad4f48b1aa4b
SHA1 hash: f6554c45d574e960ed5f262779ff5aaeb928384e
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
