Extracted

• • Target

    Inv(05-19)Copy#19-48-01.js

  • Size

    772KB

  • MD5

    c56f106025e1853958f0745516c0b88f

  • SHA1

    f3506be345eafb653e2c2c18410b8c4f5d1a2c26

  • SHA256

    bcd9b7d4ca83e96704e00e378728db06291e8e2b50d68db22efd1f8974d1ca91

  • SHA512

    facf6c8c5690209c1c905f96da1f6ef1ad8b86ab752e8714e73ae48781ff8bfec17813816862fe5d75a96d7c316c083d46e27accf4685e060c6555e882e24278

  • SSDEEP

    24576:93vle/E45Mk2h1K3G9EhRe4jEER9Fwf8TxzM34LM9gkIy9ByxZO9TLd8wDNGOi5t:plZ45Mk2h1aG9EhRe4jEy9Fwf8TxzM3s

  Score

  10^/10

  bumblebeemc1905trojan

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Suspicious use of NtCreateThreadExHideFromDebugger

  behavioral1behavioral2