Extracted

• • Target

    434775

  • Size

    53KB

  • MD5

    8361467d6ef12ab5cdc89ac03eda2630

  • SHA1

    778a76a890425fa2ffa81cc46aedbee761bfdae2

  • SHA256

    8b0ef4e50ddad2036e3d85e87a0cd53e3ae0a436ea4fff99fd4ddb845e4f265f

  • SHA512

    fdab4e67756e2a7a8a0813eeabeeb5d8699eb702c0e04c1c31c8ec32f0189a6638f4e88cbe4ff34259075b98ccc33108236ca1dc969200a0e0f1475480dc11c9

  • SSDEEP

    1536:JbxVjYWdp4RvikgWUNXRIDBXceQ2JKAgMY+9/w0G:mv5g3NXRI/Q2BJYQM

  Score

  10^/10

  bumblebeeasd123loader

  • BumbleBee

    BumbleBee is a loader malware written in C++.

    loaderbumblebee

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Drops file in System32 directory

  • Suspicious use of NtCreateThreadExHideFromDebugger

  behavioral1behavioral2