Extracted

• • Target

    doc_88BFNS_57.wsf

  • Size

    192KB

  • MD5

    d6d0f8cf0b9383802fd4868c2082017d

  • SHA1

    16b03efbf2aa547ca308ae50d8673012844c52b9

  • SHA256

    f6ff607f55b6c53b700e3c1a8a4230c01641111bfc09645ba54c75ca2b1587cd

  • SHA512

    0e331aeef702394d3b04939f0755bdbbc79ac24e23cbf54fad51645da045b598ee4077ba629af1a5f1e833b062f92acd033fd718c41dedb27b5041199f449efb

  • SSDEEP

    6144:rPYy39mm2+oVmcySJnfzKe1ZFmqRzgim/Ytix:TYy3Cdtn1Hw

  Score

  10^/10

  bumblebeemc1904trojan

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Suspicious use of NtCreateThreadExHideFromDebugger

  behavioral1behavioral2