MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c97b8bffcbe424cbc2a6e1135068d071c6f4e8f020fccd2db3dbee3aa80102ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BumbleBee


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c97b8bffcbe424cbc2a6e1135068d071c6f4e8f020fccd2db3dbee3aa80102ac
SHA3-384 hash: 8c16c4d7f5ac6cf53cb11ee69390fbc159b1bb2adbf7fcfdc392b8a83234b65cf7bf952afd6b0abab626fe325d7eeea0
SHA1 hash: 19fa63af83dfed8023f10147c33c8edb6aabb1b4
MD5 hash: 59baede0aac3a38c8578aa8fef89d960
humanhash: apart-avocado-black-robin
File name:c97b8bffcbe424cbc2a6e1135068d071c6f4e8f020fccd2db3dbee3aa80102ac
Download: download sample
Signature BumbleBee
Create hunting rule
File size:2'855'424 bytes
First seen:2022-04-15 13:21:56 UTC
Last seen:2022-04-20 10:22:46 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 75a082bc9042dba23421990e75837121 (1 x BumbleBee)
ssdeep 49152:7CkeRD2DBKMpRd8qsToHaQBVeytTEmu6+lzz7JP1KV3jgjO4gYAPLokp6vVkTMU:7CkdB/pRdksaQBVNtTEmu6+lzz7JP1KT
Threatray 2'061 similar samples on MalwareBazaar
TLSH T1CAD5E05FDEA6E6428C2040E42EDFD3E0665DA644C0FE0AB1D8AE5035D6C587D35FF2A8
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter JAMESWT_WT
Tags:BUMBLEBEE exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
401
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
settings.dll
Verdict:
No threats detected
Analysis date:
2022-04-08 20:12:03 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/6170f8f1-1e96-41c1-bff8-752a3f57850c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/263990/
Detection(s):
SecuriteInfo.com.Variant.Lazy.164691.11005.3586.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/13968/overview
Behaviour
MalwareBazaar
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6259717ceab80a7a6c1c6a37/reports/0effb056-cd42-4521-87f0-748a465fad00/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/e61252d3-2d63-4738-9f1c-2836b75ef648
Result
Threat name:
BumbleBee
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/977412
Signature
C2 URLs / IPs found in malware configuration
Contain functionality to detect virtual machines
Found malware configuration
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Searches for specific processes (likely to inject)
Sigma detected: Suspicious Call by Ordinal
System process connects to network (likely due to code injection or exploit)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected BumbleBee
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c97b8bffcbe424cbc2a6e1135068d071c6f4e8f020fccd2db3dbee3aa80102ac/
Threat name:
Win64.Trojan.Bumbleloader
Create hunting rule
Status:
Malicious
First seen:
2022-04-09 08:14:19 UTC
File Type:
PE+ (Dll)
AV detection:
16 of 42 (38.10%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0659390fe57012c9d29bacb0e85b61f7de968a6008f91d9c729e18c784b2cca1
BumbleBee
5be0c2df3f2dbca7bfbe77a8eb96abc472bfc6a566aa26cccd8e9937f446dad3
BumbleBee
60ffd58d499a7b7325e63596fc8f14b570f60112bff2e8c69632002ea0cff7ef
BumbleBee
6168d9f1cb0bc329fe76a0ebb8a782617de9bb0da2372e1f2728db856daf5007
BumbleBee
88851c425fbc7879abe5838f3e072d18e350b21ca9fe367e6d9fb7bd27585753
BumbleBee
9fd92b2633147d58a5d4a28d1f5f66a11873c4185c44429295cda9956defa6d4
BumbleBee
f98898df74fb2b2fad3a2ea2907086397b36ae496ef3f4454bf6b7125fc103b8
BumbleBee
+ 2'051 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
evasion
Link:
https://tria.ge/reports/220415-ql79fsbacn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Checks BIOS information in registry
Identifies Wine through registry keys
Enumerates VirtualBox registry keys
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Looks for VirtualBox Guest Additions in registry
Unpacked files
SH256 hash:
c97b8bffcbe424cbc2a6e1135068d071c6f4e8f020fccd2db3dbee3aa80102ac
MD5 hash:
59baede0aac3a38c8578aa8fef89d960
SHA1 hash:
19fa63af83dfed8023f10147c33c8edb6aabb1b4
Link:
https://www.unpac.me/results/f051799c-8450-4316-abe0-4ec0ac472892/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/c97b8bffcbe424cbc2a6e1135068d071c6f4e8f020fccd2db3dbee3aa80102ac

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/263990/

Comments