Bumblebee Office (OLE) malware analysis — malicious · f34aecfe1a1112c3

MALICIOUS

Office (OLE)

13.0 KB Created: 1999-05-09 10:19:00 Authoring application: Microsoft Word for Windows 95 First seen: 2012-06-14

MD5: 557732980fd090509153337d54cc673c SHA-1: 9d2c4a0da5c335aeaec4c9d7fee0df3100c286e2 SHA-256: f34aecfe1a1112c31783a2c6bcf78462a8e088658703dc241cbdfac23c73c972

80 Risk Score

Malware Insights

Bumblebee · confidence 95%

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The sample contains legacy WordBasic macros, specifically an AutoOpen macro, which is a strong indicator of malicious intent. ClamAV detection confirms this, identifying it as Win.Trojan.Bumblebee-2. The AutoOpen macro likely executes a secondary payload, contributing to the Bumblebee family's known behavior of downloading and executing further malware.

Heuristics 2

ClamAV: Win.Trojan.Bumblebee-2 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Bumblebee-2
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC

OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Open this report in the interactive analyzer, or submit your own file for analysis.