Extracted

• • Target

    3b553b9166004e78799c5096daa412f4a01563e3b02c44d93e35b2ce63bf922c

  • Size

    4.1MB

  • MD5

    060f773f5b91ea96cfd5a21678d2a1ba

  • SHA1

    4de99e61485d8ddfd1dae963e17da24aa6312b86

  • SHA256

    3b553b9166004e78799c5096daa412f4a01563e3b02c44d93e35b2ce63bf922c

  • SHA512

    5a41f716d4ef24651e439068e57e7fe0b6ad079610bf582b53ce06c79d168350d730a059dc21fd40bc7a2ba4b0cdf71067ee7611b9681453e791debd6269e4f7

  • SSDEEP

    98304:4PKnw39kiUnMUYeg8F1HWMUKFln1hoDCQDnMpIgqCf:FwNJUnMUYetUKFZjoDCQDnMigqCf

  Score

  10^/10

  bumblebeecis21704trojan

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Loads dropped DLL

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of NtCreateThreadExHideFromDebugger

  behavioral1behavioral2