General

  • Target: Bloom Reduction.bat
  • Size: 53KB
  • Sample: 241113-1356jatmhl
  • MD5: 216a3554aef00862bd9002ce59b12139
  • SHA1: 67a4a15b2a5463cac13270f6a9cf0966d56f2ea1
  • SHA256: b3c85ae4bea775453f4313dea7f9ae8b11ef2ba632d89c62049b6e59f43d82a3
  • SHA512: e64b3c94fb40fb37f1e5a20cbff5630aa605063b224d56da90537ba935da062cc6e9d1d8087c24965aed4b7b9a20a448f57b685b35978c2871ce3e21af13b128
  • SSDEEP: 768:s/piYQeeX3BG//6ppUkGt+uVf/YscQfzQhFuXLnV6/PF2WlkrOfY/+wk7spYvTGi:siGt+6fOj

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings
    • Modifies firewall policy service
    • UAC bypass
    • Event Triggered Execution: Image File Execution Options Injection
    • Command and Scripting Interpreter: PowerShell
      Using powershell.exe command.
    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks