Overview

overview

6

Static

static

1

node_expor...porter

ubuntu-22.04-amd64

6

prometheus...nu.vbs

windows7-x64

1

prometheus...nu.vbs

windows10-2004-x64

1

prometheus...om.vbs

windows7-x64

1

prometheus...om.vbs

windows10-2004-x64

1

prometheus...u.html

windows7-x64

1

prometheus...u.html

windows10-2004-x64

1

prometheus...k.html

windows7-x64

1

prometheus...k.html

windows10-2004-x64

1

prometheus...w.html

windows7-x64

1

prometheus...w.html

windows10-2004-x64

1

prometheus...e.html

windows7-x64

1

prometheus...e.html

windows10-2004-x64

1

prometheus...w.html

windows7-x64

1

prometheus...w.html

windows10-2004-x64

1

prometheus...s.html

windows7-x64

1

prometheus...s.html

windows10-2004-x64

1

prometheus...etheus

ubuntu-22.04-amd64

3

prometheus...us.wsf

windows7-x64

1

prometheus...us.wsf

windows10-2004-x64

1

prometheus...omtool

ubuntu-22.04-amd64

3

windows_ex...nt.msi

windows7-x64

6

windows_ex...nt.msi

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    OneDrive_1_27-06-2024.zip

  • Size

    251.2MB

  • Sample

    240628-g6em7svgpb

  • MD5

    8e5f421e2fecd7e0eca9058c70850566

  • SHA1

    f2b0855a57dd9f8cc062cbfe1870c115d2108001

  • SHA256

    ff37bfe914dd0d8b5c7e6553f4204b8a65d4a9f9f1909ff7a3cf121070d05a20

  • SHA512

    0fe3b34a2076f0c202c9babf1985068221491cd3df26eb3e7eed299b7d8dec47b33a289e38cd21dd3168d359de6a583ac84a52648481f2d4677dde3f17c95cbb

  • SSDEEP

    1572864:N/K2Z9erwmwANRH18adqhLJHQY07ZD60gGH4+xZA7XHwLd/svYFu9xNdvHJs0Fp/:NCttdqDgOYu7Sd1u9xNdvpZMO

Score
6/10
antivmlinuxpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      node_exporter-Agent-Linux/node_exporter

    • Size

      19.1MB

    • MD5

      fba5b39f3d6967d65a5fef8d0390244f

    • SHA1

      4591560c779f1e89123bd1a7723212c808d5a3be

    • SHA256

      1a6ff4c715bd59fc3108188d602a7086e80b61b06c4cb3a92a1d2cb66e077d4e

    • SHA512

      28e5467e6e7ed71f369e77385dd9441480d820a2eea28e79efd02a04acd04db456abc0db334cd9aa5282123a463f70d86f21b77f71016553b71c75fa7bc354fb

    • SSDEEP

      196608:GJUTa8eWi3l1vbuG420livNXDXInkXdH4IG:GJUT0X3lNwbslX8kyh

    Score
    6/10
    antivm

    • Checks hardware identifiers (DMI)

      Checks DMI information which indicate if the system is a virtual machine.

      antivm

    • Reads hardware information

      Accesses system info like serial numbers, manufacturer names etc.

    behavioral1

    • Target

      prometheus - agent - Bastion/console_libraries/menu.lib

    • Size

      2KB

    • MD5

      acbed97ea9a91d2431a85d875f573c22

    • SHA1

      f615133140f7889eca52e8b763cb563cdcebebc6

    • SHA256

      f5465935edcd56bc0db4b0b84650f085efba7dcc161dcc1e7f0b958943a973a0

    • SHA512

      1086ae5ce1fea2cfc55c77f43de237683ef28335e3f0df37b63203eac8524045ce97c6cd189cfb421373b13d7f2e650a553e95aad557dc74a6082576c56fdf8f

    Score
    1/10
    behavioral2behavioral3

    • Target

      prometheus - agent - Bastion/console_libraries/prom.lib

    • Size

      6KB

    • MD5

      a3b12bb173aa3387099ba2afe3aa0ba4

    • SHA1

      963c31e291c46f867f7f8e46487c8302356fac0c

    • SHA256

      1a17f58ab3fece7d8a047527c131c15e53eba0506fb7272b9be7e020f29ca6ae

    • SHA512

      a47a3f4c2a17ed194231b1a912c3acf78116fa6c2a2869e4487c5654934ac9834a9e4fdeb921df3bbf92c3f032b06661a903c6b3534d1751178524ca3e7fa110

    • SSDEEP

      192:nSUNgfXZLL9SqFgxpaI+WjoLc68L7xhf7870:nSUNgfXZoqFscXWjoAh/zf44

    Score
    1/10
    behavioral4behavioral5

    • Target

      prometheus - agent - Bastion/consoles/node-cpu.html

    • Size

      2KB

    • MD5

      7bfc7af17f5b6b28ab3c508966a696a0

    • SHA1

      8d2b26ab92c3a92cabaa7eb3661223f53e246825

    • SHA256

      48aa738da9b8e9472b3b3fc410db1bcfa684e82fa4be532bbcb84997ac054cf3

    • SHA512

      60072b69cc62b0578176f496592f5baa31eeff2c0b8e060a0aaf1fb4b4296ccc15f66c4782d5424712ce253e904cc22972f28403f526db12e24a4a7f70e20ee9

    Score
    1/10
    behavioral6behavioral7

    • Target

      prometheus - agent - Bastion/consoles/node-disk.html

    • Size

      3KB

    • MD5

      0210ff7f4e2fc5e0acc9e9f154085208

    • SHA1

      a10f8b281252c872f6f23498ef066ae273fd9482

    • SHA256

      fd4c847101c517cbaa05493d368d04b7ea946b83e79eb01327b74c5334939cf0

    • SHA512

      3091dbd58d186fb016eeab38f49308d0acd85ad9c75fafa5a468479f13cb002fea87c058d45b4850f4fae7af6aa8671f94931f8cb1f21cf5a3562d55d57d823c

    Score
    1/10
    behavioral8behavioral9

    • Target

      prometheus - agent - Bastion/consoles/node-overview.html

    • Size

      5KB

    • MD5

      57161a730f200c92f08c029eafffe1cc

    • SHA1

      d565496a2cdddad4466f7ae8e8b2a2e0fe56740d

    • SHA256

      bea383fc410e965ee3d8cb10a4604d9af352f95733f03db94669061025c9c170

    • SHA512

      8190d0fde0b110a1ca96178fcb7e59dbe6a8d0de929ad3b034b0d12856082f7a0ee927ae50e9fb780c573a88fa8a992546108e9511fba93c88fe078b9f2d69e9

    • SSDEEP

      96:zTT2PBj8G8gT+gHpht0xvDG0xEiHdKLx4HGxA0sxUaWpzLSZ0amZnvQk0a3iaEy:zc3fHD+hL+iHdMOH0s+rSZVQvQkV3iaZ

    Score
    1/10
    behavioral10behavioral11

    • Target

      prometheus - agent - Bastion/consoles/node.html

    • Size

      1KB

    • MD5

      04e9b44489684c6a0c263b6d80a9874e

    • SHA1

      1606ea69c72931f9dee91ae0b3f981f95e56d3c0

    • SHA256

      c82cdb473c4db14fd0d8ef5eebbc225ecd97bc8f2fc363802a80848e0253f748

    • SHA512

      ce1e3c86a6784b2f8511e34d5d9038d44a94be510c622ec547d2e9f98e0fbf4cc8f0e6fdc9fee580f197dc9ea1bfa53bbba556bfde93eeccce8e84ca8933a806

    Score
    1/10
    behavioral12behavioral13

    • Target

      prometheus - agent - Bastion/consoles/prometheus-overview.html

    • Size

      4KB

    • MD5

      53a74062a4df0799d12b761eb1e98041

    • SHA1

      469e4cc34a536fa4d4f662f459ef00d7c221d514

    • SHA256

      aa1c937e96d3d8460d729f7ec00558dc088ef30bfe217ff877de0a3bcf906212

    • SHA512

      2cbd93562da3031b9db2b80376add2d923c06fc18efe1943b274169a42fa579950b5240797bf2d06dd281fd3697d360123232c5c97253638f29edf85a6489b31

    • SSDEEP

      96:zK7tlIuqq1etJY8KuMGIxYTzNgxnnvRT2yuYKuqgzHk80a4K0av:zkIsOKNbTNK3b8V4KVv

    Score
    1/10
    behavioral14behavioral15

    • Target

      prometheus - agent - Bastion/consoles/prometheus.html

    • Size

      1KB

    • MD5

      d19a4c9fef451b37a2576537c47de539

    • SHA1

      cd97914a982c861b62a3f823cfb01341a6a6d55e

    • SHA256

      446134fdf16b41af6bc88727b02d479e2e29f50ee6ac744b5f2a7576b4db5b27

    • SHA512

      1791eb36bbafc33bf3a64231522523aa0c64100e916b0d8df55ba738f260e5d502322b5d767a9a0bc6306aaa27844e77aeaa7870f5600c657a2e510650d0fdc6

    Score
    1/10
    behavioral16behavioral17

    • Target

      prometheus - agent - Bastion/prometheus

    • Size

      114.3MB

    • MD5

      5f152edf6ce6ef56e739790132180028

    • SHA1

      0e847d1ff0aebf97bf1ff96b66d942d634c30dfd

    • SHA256

      b8a9c7e66c51fa174fc672f4fd6036c74d14943c6bb637b8f76825f1bc792943

    • SHA512

      20bd58d6899499427a71e83f8e6f791a6364b4b6169dc17681c298e827d2200cf4dda9021aa6f84f05b14462ded1247846fdecf491cc00009f6d5fb11d166b65

    • SSDEEP

      786432:lrwdGNwANRHYC8urPNV2umRho0AgGYmGQSTpy7j:lrwmwANRH18adqhLJHQY07j

    Score
    3/10
    behavioral18

    • Target

      prometheus - agent - Bastion/prometheus.yml

    • Size

      934B

    • MD5

      3a940c177917d9f3a6cc04b6956a0f63

    • SHA1

      10b75634b565112912ea3b9c835024390b075db5

    • SHA256

      6c568c1bdc95b97c1c35e565f4cd337d328eed000551e49b741d94e639e0a78f

    • SHA512

      632989168aab545b3f6caff5a094f6a4836bd1cbf72e3adeb4a84b0a3731ac729ca820eef1ddf18bd8e23313d268c3c3ce975d13ae59df667678c6824908b92e

    Score
    1/10
    behavioral19behavioral20

    • Target

      prometheus - agent - Bastion/promtool

    • Size

      107.7MB

    • MD5

      b23adea926f9895a5ddbe572cd36097c

    • SHA1

      dbfdbc38cbe6a176510d3ce26fb8c6d368bfd9e6

    • SHA256

      31f1f65c87ed9555cd9d6c9e99121e96935d37f9df604a80a3f5ee7df79dcf8c

    • SHA512

      a8546771fe6650eaff6a71b1e7fa216fe02638b604f06a424f55e2f71131707fa6cdece2ba7918138532a35f15ef93e046ba0a4d741478713d2b497aa329cca0

    • SSDEEP

      786432:Q7D60gGr9d9+Efx/xIliWvf5tXvPqxLdafUsz7YLxJzI9xLpdvj:ID60gGH4+xZA7XHwLd/svYFu9xNdvj

    Score
    3/10
    behavioral21

    • Target

      windows_exporter-Agent.msi

    • Size

      10.1MB

    • MD5

      7096892e6330a1630ac9c588aa01e3a2

    • SHA1

      3adbaa05e9def1d97823615f2f47669bcb1d8395

    • SHA256

      822166c33ce415436a287f4f5bf34c9737da5201cda3b6a31ffc5b2be5023679

    • SHA512

      73462b1b03ee2b81eb421e13fc466224666db2c6312e4424cf6451001f2d94ea5006f71957ab1a5c9617a862bb44f27f919dffc370637345a5b17fe7f885e540

    • SSDEEP

      196608:djo2fy0hWWpfeZdkW2ijrtlT95y0DalZEM/Jbr1ZOONCbLmUo2hWN:dES/UWQdz24R2JbrzOsamU+N

    Score
    6/10
    persistenceprivilege_escalation

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral22behavioral23

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1546

Installer Packages

1
T1546.016

Privilege Escalation

Event Triggered Execution

1
T1546

Installer Packages

1
T1546.016

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Modify Registry

6
T1112

Credential Access

Discovery

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

12
T1082

Query Registry

7
T1012

Peripheral Device Discovery

2
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks