Extracted

• • Target

    AdobePDFReader (9).msi

  • Size

    2.2MB

  • MD5

    fadc9824c68402143239f764c99bb82d

  • SHA1

    7eb72321c2c1e25b11c9d44229af22a179e27ce8

  • SHA256

    9890ae69f0a31a5656dbebce11384a70820ac49cabe9b244dfb8a5ed22617ff5

  • SHA512

    916b9b9836d5003193cf4f52c501a90ba16f18ca13a05325f9e11a6ee9d05b927013c09524757f33efd153c0e1d25648233e79f9a8eaa81fd69ed79282268ef6

  • SSDEEP

    49152:NMU9FgsN+TXYr+LrUcdEL9MklhGUWhe8u/g1PQNPEUI:6gFPgYrordG9t0lepg1P2XI

  Score

  10^/10

  bumblebeead2404trojan

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of NtCreateThreadExHideFromDebugger

  behavioral1behavioral2