MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b6d05d8f7f1f946806cd70f18f8b6af1b033900cfaa4ab7b7361b19696be9259. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



BumbleBee


Vendor detections: 6



SHA256 hash: b6d05d8f7f1f946806cd70f18f8b6af1b033900cfaa4ab7b7361b19696be9259
SHA3-384 hash: dc6d7269abf4e5f7666e7617433905b2212ae03849b50283eec85740a589e864f8c913b9531a153232bd54ced823a80a
SHA1 hash: 4454a27ff9f40d54231820f2b3352f55556c0533
MD5 hash: fcdf0ba1ce0384e1a55a9191d2761da0
humanhash: cola-stream-monkey-summer
File name: documents.ps1
Signature: BumbleBee
File size: 2'354'250 bytes
First seen: 2023-03-04 09:09:15 UTC
Last seen: Never
File type: PowerShell (PS) ps1
MIME type: text/plain
ssdeep: 24576:4q2pALU9NJAWAdsCR7RIuXAxXgP0WEY/2DwF/mxUrF0ExGyP:SA4nJAlkfg9iG/1xb
TLSH: T100B50B342EEA502A7173FF6D8AE475DADA5FBBA33703585D10A2038A0723942EDD153D
TrID: 66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1)
      33.3% (.MP3) MP3 audio (1000/1)
Reporter: 0xToxin
Tags: 202lg BUMBLEBEE ps1

Intelligence


File Origin
# of uploads: 1
# of downloads: 200
Origin country: IL

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: javascript powershell
Result
Verdict: UNKNOWN
Threat name: Win32.Trojan.Seheq
Status: Malicious
First seen: 2023-02-21 13:08:02 UTC
File Type: Text (PowerShell)
AV detection: 7 of 39 (17.95%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: crime_win64_bumblebee_powershell_loader
Author: Rony
Description: Detects a Powershell Loader used to load bumblebee in memory

File information


The table below shows additional information about this malware sample such as delivery method and external references.
