Extracted

• • Target

    1.hta

  • Size

    7KB

  • MD5

    1e34928af180dc440e129469536ee21f

  • SHA1

    6ae914196ddf8366a67f431d19e0812514e5c8e1

  • SHA256

    9a39db4d96024d05abf585b11d3b717a086241a59b70c7434e935edc33d66187

  • SHA512

    14b74efb4e6ee87de6f26f533631e971c5f188350620e472958f91a8eea96325a0bfe347b9da16d54c2b2316e57491d7d67579aec404a7f659558a63b678ff0c

  • SSDEEP

    96:pNZrmf0Gf1jqDQejQnYJi/J591l5m9SVjNItGb928OgVrlLyIcoLu5CC:pnvIjqHih591l5Qeo2928OgJl/u3

  Score

  10^/10

  bumblebeetokdlltrojan

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Suspicious use of NtCreateThreadExHideFromDebugger

  behavioral1behavioral2