Managed XDR

bloom-universal.jar — malware analysis report

File info

Filename
bloom-universal.jar
File type
Zip archive data, at least v2.0 to extract
File size
639.6 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
b0db4d235d1b17cde31a643f8f42d66679f28104
SHA256
ab3b9415ff9819d590f356324d2a1f3c549a170fcfb8c1e3b42eabe6e798ec9a
MD5
0d2c181ca1b5a79511b1634ceea84dd5
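
Before trusting a copy of the sample that arrives by another route (a ticket, a mirror, a colleague's share), confirm it is the same artifact by recomputing all three digests against the values listed above, and enumerate the archive statically instead of running it. The script below is an added example, not part of this report or of any vendor tooling; the REPORT_HASHES values are the ones listed above, while the jar it builds when no path is given is a constructed stand-in (its hashes will not match the report) so the code runs offline. The list of native file suffixes is an assumption chosen for illustration.

```python
import hashlib
import io
import sys
import zipfile

# Digests as listed in the report above for bloom-universal.jar.
REPORT_HASHES = {
    "md5": "0d2c181ca1b5a79511b1634ceea84dd5",
    "sha1": "b0db4d235d1b17cde31a643f8f42d66679f28104",
    "sha256": "ab3b9415ff9819d590f356324d2a1f3c549a170fcfb8c1e3b42eabe6e798ec9a",
}

# Assumed list: extensions that should not appear inside a pure-Java archive.
# Their presence means the jar can drop or load native code.
NATIVE_SUFFIXES = (".dll", ".so", ".dylib", ".exe", ".jnilib")


def compute_hashes(data: bytes) -> dict:
    """Return lowercase hex MD5/SHA1/SHA256 of the sample bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def verify_against_report(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Compare each digest in `expected` with the sample; True means match.

    Checking all three catches a copy-paste error in any single hash.
    """
    actual = compute_hashes(data)
    return {algo: actual[algo] == expected[algo].lower() for algo in expected}


def inspect_jar(data: bytes) -> dict:
    """Statically enumerate a jar: manifest Main-Class, entries, native payloads.

    The archive is only read, never extracted or executed.
    """
    result = {"main_class": None, "entries": [], "native_entries": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        result["entries"] = zf.namelist()
        if "META-INF/MANIFEST.MF" in result["entries"]:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            for line in manifest.splitlines():
                if line.startswith("Main-Class:"):
                    result["main_class"] = line.split(":", 1)[1].strip()
        result["native_entries"] = [
            name for name in result["entries"]
            if name.lower().endswith(NATIVE_SUFFIXES)
        ]
    return result


def build_constructed_jar() -> bytes:
    """Constructed stand-in so the script runs offline.

    This is NOT bloom-universal.jar; its digests will not match REPORT_HASHES.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\nMain-Class: loader.Start\r\n\r\n")
        zf.writestr("loader/Start.class", b"\xca\xfe\xba\xbe" + b"\x00" * 16)
        zf.writestr("resources/helper.dll", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python triage_jar.py /path/to/bloom-universal.jar
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            sample = fh.read()
    else:
        sample = build_constructed_jar()
    print("hash match:", verify_against_report(sample))
    info = inspect_jar(sample)
    print("Main-Class:", info["main_class"])
    print("native entries:", info["native_entries"])
```

Run it against the real file to get three True values before any further work; a jar whose manifest names a Main-Class and that carries .dll or .so entries is already a candidate for dropping native code, which is consistent with the ProgramData file writes noted in the signatures.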

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Matched one or more static YARA rules (the matching rule names are not listed in this report)
dead_host: Connects to IP addresses that do not respond to requests. A silent destination may be offline or taken down, or the analysis environment may have had no outbound connectivity, so treat these addresses as indicators to investigate rather than as confirmation that the infrastructure was live
creates_in_programdata: Creates files in the ProgramData directory
suspicious_network_port: Performs a TCP or UDP request to a non-standard port
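
The two network signatures above are the kind an analyst reproduces from the sandbox's connection log when deciding whether the flagged hosts are worth blocking. The script below is an added example, not part of this report or of the sandbox vendor's rules: the "standard" port sets are an assumption for illustration, the log lines are constructed (documentation-range IPs, not addresses from this sample), and the network_isolated flag is this example's own way of expressing the caveat that a run in which every destination is silent says nothing about the malware's infrastructure.

```python
from collections import defaultdict

# Assumed: ports treated as "standard" per transport; any other destination
# port raises suspicious_network_port.
STANDARD_PORTS = {
    "tcp": {21, 22, 25, 80, 110, 143, 443, 465, 587, 993, 995, 8080, 8443},
    "udp": {53, 123, 443},
}

# Constructed sandbox network log, one connection attempt per line:
# proto,dst_ip,dst_port,bytes_sent,bytes_received
CONSTRUCTED_NETWORK_LOG = """\
udp,8.8.8.8,53,40,120
tcp,93.184.216.34,443,517,4096
tcp,198.51.100.23,6606,312,0
tcp,198.51.100.23,6606,312,0
udp,203.0.113.9,4444,96,0
tcp,203.0.113.9,80,0,0
"""


def parse_log(text: str) -> list:
    """Parse the comma-separated log into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        proto, ip, port, sent, recv = line.split(",")
        events.append({"proto": proto.lower(), "dst": ip, "port": int(port),
                       "sent": int(sent), "recv": int(recv)})
    return events


def suspicious_ports(events: list) -> list:
    """Distinct (proto, dst, port) tuples contacted outside STANDARD_PORTS."""
    return sorted({(e["proto"], e["dst"], e["port"]) for e in events
                   if e["port"] not in STANDARD_PORTS.get(e["proto"], set())})


def dead_hosts(events: list) -> list:
    """Destinations that never returned a byte across all attempts.

    A host is dead only if every attempt to it received nothing; a single
    answer on any port means it was alive during the run.
    """
    received = defaultdict(int)
    for e in events:
        received[e["dst"]] += e["recv"]
    return sorted(ip for ip, total in received.items() if total == 0)


def evaluate(events: list) -> dict:
    """Return the signatures this log would raise, with their evidence."""
    fired = {}
    ports = suspicious_ports(events)
    if ports:
        fired["suspicious_network_port"] = ports
    dead = dead_hosts(events)
    if dead:
        fired["dead_host"] = dead
    # Caveat flag (this example's own, not a sandbox signature): if every
    # destination is dead, including well-known services, the sandbox most
    # likely had no outbound connectivity and dead_host is uninformative.
    fired["network_isolated"] = len(dead) == len({e["dst"] for e in events})
    return fired


if __name__ == "__main__":
    for name, evidence in evaluate(parse_log(CONSTRUCTED_NETWORK_LOG)).items():
        print(f"{name}: {evidence}")
```

With the constructed log, the DNS and HTTPS rows answer normally, the 6606/tcp and 4444/udp destinations raise suspicious_network_port, and the two hosts that never returned a byte raise dead_host; because the well-known services did respond, network_isolated is False, so the dead hosts are real candidates for blocking or further enrichment.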