General
Target: Bloom Reduction.bat
Size: 53KB
Sample: 241113-1356jatmhl
MD5: 216a3554aef00862bd9002ce59b12139
SHA1: 67a4a15b2a5463cac13270f6a9cf0966d56f2ea1
SHA256: b3c85ae4bea775453f4313dea7f9ae8b11ef2ba632d89c62049b6e59f43d82a3
SHA512: e64b3c94fb40fb37f1e5a20cbff5630aa605063b224d56da90537ba935da062cc6e9d1d8087c24965aed4b7b9a20a448f57b685b35978c2871ce3e21af13b128
SSDEEP: 768:s/piYQeeX3BG//6ppUkGt+uVf/YscQfzQhFuXLnV6/PF2WlkrOfY/+wk7spYvTGi:siGt+6fOj

Static task: static1
Behavioral task: behavioral1
Sample: Bloom Reduction.bat
Resource: win10ltsc2021-20241023-en
Malware Config
Targets
Target: Bloom Reduction.bat
Size: 53KB
MD5: 216a3554aef00862bd9002ce59b12139
SHA1: 67a4a15b2a5463cac13270f6a9cf0966d56f2ea1
SHA256: b3c85ae4bea775453f4313dea7f9ae8b11ef2ba632d89c62049b6e59f43d82a3
SHA512: e64b3c94fb40fb37f1e5a20cbff5630aa605063b224d56da90537ba935da062cc6e9d1d8087c24965aed4b7b9a20a448f57b685b35978c2871ce3e21af13b128
SSDEEP: 768:s/piYQeeX3BG//6ppUkGt+uVf/YscQfzQhFuXLnV6/PF2WlkrOfY/+wk7spYvTGi:siGt+6fOj
Score: 10/10
- Modifies firewall policy service
- Event Triggered Execution: Image File Execution Options Injection
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15 (the number after each entry is the count of matching signature hits; technique IDs added for reference)
Persistence
- Create or Modify System Process (T1543): 2
  - Windows Service (T1543.003): 2
- Event Triggered Execution (T1546): 1
  - Image File Execution Options Injection (T1546.012): 1
Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Create or Modify System Process (T1543): 2
  - Windows Service (T1543.003): 2
- Event Triggered Execution (T1546): 1
  - Image File Execution Options Injection (T1546.012): 1
Defense Evasion
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Impair Defenses (T1562): 4
  - Disable or Modify System Firewall (T1562.004): 1
  - Disable or Modify Tools (T1562.001): 3
- Modify Registry (T1112): 5
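As an added host-triage example, not part of this sandbox report: a PowerShell check for the two registry-backed techniques the report flags, Image File Execution Options injection and firewall policy modification. Assumptions: the registry paths are the standard Windows locations for these settings; reading the "Modifies firewall policy service" signature as a change under SharedAccess\Parameters\FirewallPolicy is my interpretation of the signature name, not something the report states; and because the report gives no process name or registry value for this sample, the script enumerates every entry rather than searching for a specific one.

```powershell
# Added example (not from the report): enumerate IFEO Debugger entries and
# disabled firewall profiles on a live host. Run in an elevated PowerShell.

# 1. IFEO injection (T1546.012): a subkey named after an executable that carries a
#    "Debugger" value makes Windows launch that debugger instead of the program.
#    Legitimate Debugger entries are rare, so every hit deserves a look.
$ifeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$findings = @()
Get-ChildItem -Path $ifeoRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
        $findings += [pscustomobject]@{
            Technique = 'IFEO Debugger'
            Target    = $_.PSChildName
            Value     = $dbg
        }
    }
}

# 2. Firewall policy: the Windows Firewall service stores its per-profile
#    configuration here. Assumption: EnableFirewall = 0 on any profile is what
#    we care about; other values under the key are printed only if present.
$fwRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $p = Get-ItemProperty -Path (Join-Path $fwRoot $profile) -ErrorAction SilentlyContinue
    if ($p -and $p.EnableFirewall -eq 0) {
        $findings += [pscustomobject]@{
            Technique = 'Firewall profile disabled'
            Target    = $profile
            Value     = "EnableFirewall=$($p.EnableFirewall)"
        }
    }
}

# 3. Cross-check against the live firewall state instead of trusting the
#    registry alone; a service-level change may not be reflected identically.
Get-NetFirewallProfile | Select-Object Name, Enabled | Format-Table -AutoSize

if ($findings.Count -eq 0) {
    Write-Output 'No IFEO Debugger entries or disabled firewall profiles found.'
} else {
    $findings | Format-Table -AutoSize
}
```

The registry queries are read-only, so the script is safe to run on a suspect host before deciding whether to image it; if it reports an IFEO Debugger entry, record the target executable and the debugger path before remediating, since both are needed to scope what the sample hijacked.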