ff37bfe914dd0d8b5c7e6553f4204b8a65d4a9f9f1909ff7a3cf121070d05a20

Sharing

Copy URL

Twitter E-mail

General

Target

OneDrive_1_27-06-2024.zip
Size

251.2MB
Sample

240628-g6em7svgpb
MD5

8e5f421e2fecd7e0eca9058c70850566
SHA1

f2b0855a57dd9f8cc062cbfe1870c115d2108001
SHA256

ff37bfe914dd0d8b5c7e6553f4204b8a65d4a9f9f1909ff7a3cf121070d05a20
SHA512

0fe3b34a2076f0c202c9babf1985068221491cd3df26eb3e7eed299b7d8dec47b33a289e38cd21dd3168d359de6a583ac84a52648481f2d4677dde3f17c95cbb
SSDEEP

1572864:N/K2Z9erwmwANRH18adqhLJHQY07ZD60gGH4+xZA7XHwLd/svYFu9xNdvHJs0Fp/:NCttdqDgOYu7Sd1u9xNdvpZMO

Score

6^/10

Malware Config

Targets

- Target
  
  node_exporter-Agent-Linux/node_exporter
- Size
  
  19.1MB
- MD5
  
  fba5b39f3d6967d65a5fef8d0390244f
- SHA1
  
  4591560c779f1e89123bd1a7723212c808d5a3be
- SHA256
  
  1a6ff4c715bd59fc3108188d602a7086e80b61b06c4cb3a92a1d2cb66e077d4e
- SHA512
  
  28e5467e6e7ed71f369e77385dd9441480d820a2eea28e79efd02a04acd04db456abc0db334cd9aa5282123a463f70d86f21b77f71016553b71c75fa7bc354fb
- SSDEEP
  
  196608:GJUTa8eWi3l1vbuG420livNXDXInkXdH4IG:GJUT0X3lNwbslX8kyh
Score

6^/10

antivm
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
behavioral1
- Target
  
  prometheus - agent - Bastion/console_libraries/menu.lib
- Size
  
  2KB
- MD5
  
  acbed97ea9a91d2431a85d875f573c22
- SHA1
  
  f615133140f7889eca52e8b763cb563cdcebebc6
- SHA256
  
  f5465935edcd56bc0db4b0b84650f085efba7dcc161dcc1e7f0b958943a973a0
- SHA512
  
  1086ae5ce1fea2cfc55c77f43de237683ef28335e3f0df37b63203eac8524045ce97c6cd189cfb421373b13d7f2e650a553e95aad557dc74a6082576c56fdf8f
Score

1^/10
behavioral2 behavioral3
- Target
  
  prometheus - agent - Bastion/console_libraries/prom.lib
- Size
  
  6KB
- MD5
  
  a3b12bb173aa3387099ba2afe3aa0ba4
- SHA1
  
  963c31e291c46f867f7f8e46487c8302356fac0c
- SHA256
  
  1a17f58ab3fece7d8a047527c131c15e53eba0506fb7272b9be7e020f29ca6ae
- SHA512
  
  a47a3f4c2a17ed194231b1a912c3acf78116fa6c2a2869e4487c5654934ac9834a9e4fdeb921df3bbf92c3f032b06661a903c6b3534d1751178524ca3e7fa110
- SSDEEP
  
  192:nSUNgfXZLL9SqFgxpaI+WjoLc68L7xhf7870:nSUNgfXZoqFscXWjoAh/zf44
Score

1^/10
behavioral4 behavioral5
- Target
  
  prometheus - agent - Bastion/consoles/node-cpu.html
- Size
  
  2KB
- MD5
  
  7bfc7af17f5b6b28ab3c508966a696a0
- SHA1
  
  8d2b26ab92c3a92cabaa7eb3661223f53e246825
- SHA256
  
  48aa738da9b8e9472b3b3fc410db1bcfa684e82fa4be532bbcb84997ac054cf3
- SHA512
  
  60072b69cc62b0578176f496592f5baa31eeff2c0b8e060a0aaf1fb4b4296ccc15f66c4782d5424712ce253e904cc22972f28403f526db12e24a4a7f70e20ee9
Score

1^/10
behavioral6 behavioral7
- Target
  
  prometheus - agent - Bastion/consoles/node-disk.html
- Size
  
  3KB
- MD5
  
  0210ff7f4e2fc5e0acc9e9f154085208
- SHA1
  
  a10f8b281252c872f6f23498ef066ae273fd9482
- SHA256
  
  fd4c847101c517cbaa05493d368d04b7ea946b83e79eb01327b74c5334939cf0
- SHA512
  
  3091dbd58d186fb016eeab38f49308d0acd85ad9c75fafa5a468479f13cb002fea87c058d45b4850f4fae7af6aa8671f94931f8cb1f21cf5a3562d55d57d823c
Score

1^/10
behavioral8 behavioral9
- Target
  
  prometheus - agent - Bastion/consoles/node-overview.html
- Size
  
  5KB
- MD5
  
  57161a730f200c92f08c029eafffe1cc
- SHA1
  
  d565496a2cdddad4466f7ae8e8b2a2e0fe56740d
- SHA256
  
  bea383fc410e965ee3d8cb10a4604d9af352f95733f03db94669061025c9c170
- SHA512
  
  8190d0fde0b110a1ca96178fcb7e59dbe6a8d0de929ad3b034b0d12856082f7a0ee927ae50e9fb780c573a88fa8a992546108e9511fba93c88fe078b9f2d69e9
- SSDEEP
  
  96:zTT2PBj8G8gT+gHpht0xvDG0xEiHdKLx4HGxA0sxUaWpzLSZ0amZnvQk0a3iaEy:zc3fHD+hL+iHdMOH0s+rSZVQvQkV3iaZ
Score

1^/10
behavioral10 behavioral11
- Target
  
  prometheus - agent - Bastion/consoles/node.html
- Size
  
  1KB
- MD5
  
  04e9b44489684c6a0c263b6d80a9874e
- SHA1
  
  1606ea69c72931f9dee91ae0b3f981f95e56d3c0
- SHA256
  
  c82cdb473c4db14fd0d8ef5eebbc225ecd97bc8f2fc363802a80848e0253f748
- SHA512
  
  ce1e3c86a6784b2f8511e34d5d9038d44a94be510c622ec547d2e9f98e0fbf4cc8f0e6fdc9fee580f197dc9ea1bfa53bbba556bfde93eeccce8e84ca8933a806
Score

1^/10
behavioral12 behavioral13
- Target
  
  prometheus - agent - Bastion/consoles/prometheus-overview.html
- Size
  
  4KB
- MD5
  
  53a74062a4df0799d12b761eb1e98041
- SHA1
  
  469e4cc34a536fa4d4f662f459ef00d7c221d514
- SHA256
  
  aa1c937e96d3d8460d729f7ec00558dc088ef30bfe217ff877de0a3bcf906212
- SHA512
  
  2cbd93562da3031b9db2b80376add2d923c06fc18efe1943b274169a42fa579950b5240797bf2d06dd281fd3697d360123232c5c97253638f29edf85a6489b31
- SSDEEP
  
  96:zK7tlIuqq1etJY8KuMGIxYTzNgxnnvRT2yuYKuqgzHk80a4K0av:zkIsOKNbTNK3b8V4KVv
Score

1^/10
behavioral14 behavioral15
- Target
  
  prometheus - agent - Bastion/consoles/prometheus.html
- Size
  
  1KB
- MD5
  
  d19a4c9fef451b37a2576537c47de539
- SHA1
  
  cd97914a982c861b62a3f823cfb01341a6a6d55e
- SHA256
  
  446134fdf16b41af6bc88727b02d479e2e29f50ee6ac744b5f2a7576b4db5b27
- SHA512
  
  1791eb36bbafc33bf3a64231522523aa0c64100e916b0d8df55ba738f260e5d502322b5d767a9a0bc6306aaa27844e77aeaa7870f5600c657a2e510650d0fdc6
Score

1^/10
behavioral16 behavioral17
- Target
  
  prometheus - agent - Bastion/prometheus
- Size
  
  114.3MB
- MD5
  
  5f152edf6ce6ef56e739790132180028
- SHA1
  
  0e847d1ff0aebf97bf1ff96b66d942d634c30dfd
- SHA256
  
  b8a9c7e66c51fa174fc672f4fd6036c74d14943c6bb637b8f76825f1bc792943
- SHA512
  
  20bd58d6899499427a71e83f8e6f791a6364b4b6169dc17681c298e827d2200cf4dda9021aa6f84f05b14462ded1247846fdecf491cc00009f6d5fb11d166b65
- SSDEEP
  
  786432:lrwdGNwANRHYC8urPNV2umRho0AgGYmGQSTpy7j:lrwmwANRH18adqhLJHQY07j
Score

3^/10
behavioral18
- Target
  
  prometheus - agent - Bastion/prometheus.yml
- Size
  
  934B
- MD5
  
  3a940c177917d9f3a6cc04b6956a0f63
- SHA1
  
  10b75634b565112912ea3b9c835024390b075db5
- SHA256
  
  6c568c1bdc95b97c1c35e565f4cd337d328eed000551e49b741d94e639e0a78f
- SHA512
  
  632989168aab545b3f6caff5a094f6a4836bd1cbf72e3adeb4a84b0a3731ac729ca820eef1ddf18bd8e23313d268c3c3ce975d13ae59df667678c6824908b92e
Score

1^/10
behavioral19 behavioral20
- Target
  
  prometheus - agent - Bastion/promtool
- Size
  
  107.7MB
- MD5
  
  b23adea926f9895a5ddbe572cd36097c
- SHA1
  
  dbfdbc38cbe6a176510d3ce26fb8c6d368bfd9e6
- SHA256
  
  31f1f65c87ed9555cd9d6c9e99121e96935d37f9df604a80a3f5ee7df79dcf8c
- SHA512
  
  a8546771fe6650eaff6a71b1e7fa216fe02638b604f06a424f55e2f71131707fa6cdece2ba7918138532a35f15ef93e046ba0a4d741478713d2b497aa329cca0
- SSDEEP
  
  786432:Q7D60gGr9d9+Efx/xIliWvf5tXvPqxLdafUsz7YLxJzI9xLpdvj:ID60gGH4+xZA7XHwLd/svYFu9xNdvj
Score

3^/10
behavioral21
- Target
  
  windows_exporter-Agent.msi
- Size
  
  10.1MB
- MD5
  
  7096892e6330a1630ac9c588aa01e3a2
- SHA1
  
  3adbaa05e9def1d97823615f2f47669bcb1d8395
- SHA256
  
  822166c33ce415436a287f4f5bf34c9737da5201cda3b6a31ffc5b2be5023679
- SHA512
  
  73462b1b03ee2b81eb421e13fc466224666db2c6312e4424cf6451001f2d94ea5006f71957ab1a5c9617a862bb44f27f919dffc370637345a5b17fe7f885e540
- SSDEEP
  
  196608:djo2fy0hWWpfeZdkW2ijrtlT95y0DalZEM/Jbr1ZOONCbLmUo2hWN:dES/UWQdz24R2JbrzOsamU+N
Score

6^/10

persistence privilege_escalation
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral22 behavioral23

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks hardware identifiers (DMI)

Reads hardware information

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23