MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e81f4b65fb98623c6be24865728e0e894403738cd4413d372da32fcfe3c6a1f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BumbleBee

Vendor detections: 5

Intelligence 5 IOCs YARA 1 File information Comments

SHA256 hash:	e81f4b65fb98623c6be24865728e0e894403738cd4413d372da32fcfe3c6a1f5
SHA3-384 hash:	f5b8a60c75751f02404fb46fa8f5f6c6e969f89a3b2075ce843b6c3ce7693b85cddc2e2e9bc7296d2dd6b11cdf3f1eda
SHA1 hash:	17500c2931c8a1398c7a303fb4a11ce92b07b148
MD5 hash:	2d10e35ba9ba3cba78d59a276708efae
humanhash:	two-three-coffee-carbon
File name:	2d10e35ba9ba3cba78d59a276708efae
Download:	download sample
Signature	BumbleBee Create hunting rule
File size:	3'328'000 bytes
First seen:	2022-11-07 09:54:07 UTC
Last seen:	Never
File type:	iso
MIME type:	application/x-iso9660-image
ssdeep	49152:fWsNTq3iNJhyavhqaUq5AXWm9KhyyLrgbOww:fW
TLSH	T133F51271AA441848D2A44AF5A456EA3847333E611105A3DF7BECBC733BFB28E4D2635D
TrID	49.8% (.NRG) Nero Burning ROM CD Image (2066500/1/5) 49.4% (.NULL) null bytes (2048000/1) 0.2% (.WAR) Warcraft II game data archive (12007/4/6) 0.1% (.ISO) ISO 9660 CD image (5100/59/2) 0.1% (.ATN) Photoshop Action (5007/6/1)
Reporter	f0wlsec
Tags:	BUMBLEBEE iso zipExec

f0wlsec

Packed with zipExec

Intelligence

File Origin

# of uploads :

# of downloads :

112

Origin country :

File Archive Information

This file archive contains 3 file(s), sorted by their relevance:

File name:	name.js
File size:	2'877'177 bytes
SHA256 hash:	5b3f3662054fcc047c9f0729edc06598d11e96e761d128523dea4faa748d1a3c
MD5 hash:	701cf9861e8bd8552008be4b1f6730bd
MIME type:	text/plain
Signature	BumbleBee

File name:	Mutual.pdf
File size:	72'682 bytes
SHA256 hash:	73c818b60eea60e6c1a1e5688a373c6b8376ca4ea2ff269695fe6eeef134b3c8
MD5 hash:	9672b8df2bfb3d9435b85e477dfead51
MIME type:	application/pdf
Signature	BumbleBee

File name:	Mutual_23.pdf.exe
File size:	324'096 bytes
SHA256 hash:	94ec8314c95c9053ab77e4dccf396c0e245ea9dac476179bb238d83ec691d112
MD5 hash:	aa9a10a99ce3fddfa2859a3977c3a9bb
MIME type:	application/x-dosexec
Signature	BumbleBee

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Foxhole.Iso_badexts64.UNOFFICIAL

SecuriteInfo.com.Trojan.GenericKD.34588367.15193.4194.UNOFFICIAL

Sanesecurity.Malware.26866.JsHeur.UNOFFICIAL

Sanesecurity.Malware.26863.JsHeur.UNOFFICIAL

SecuriteInfo.com.PUA.JS.Exec-1.UNOFFICIAL

Verdict:

No Threat

Threat level:

2/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/6368d5f715611f8d8bf94ae9/reports/67fdba5c-570a-433d-9cb1-21f39f3c814b/overview

Result

Verdict:

MALICIOUS

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e81f4b65fb98623c6be24865728e0e894403738cd4413d372da32fcfe3c6a1f5/

Threat name:

Win64.Trojan.Leonem

Status:

Malicious

First seen:

2022-10-26 18:20:04 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

18 of 41 (43.90%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=5apuwzp3tbrdy27cjbsxfdqorfcag44m2rat2nznumx47y6guh2q._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/e81f4b65fb98623c6be24865728e0e894403738cd4413d372da32fcfe3c6a1f5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.