ff37bfe914dd0d8b5c7e6553f4204b8a65d4a9f9f1909ff7a3cf121070d05a20

Analysis

max time kernel
1740s
max time network
902s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
28-06-2024 06:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

node_exporter-Agent-Linux/node_exporter
Size

19.1MB
MD5

fba5b39f3d6967d65a5fef8d0390244f
SHA1

4591560c779f1e89123bd1a7723212c808d5a3be
SHA256

1a6ff4c715bd59fc3108188d602a7086e80b61b06c4cb3a92a1d2cb66e077d4e
SHA512

28e5467e6e7ed71f369e77385dd9441480d820a2eea28e79efd02a04acd04db456abc0db334cd9aa5282123a463f70d86f21b77f71016553b71c75fa7bc354fb
SSDEEP

196608:GJUTa8eWi3l1vbuG420livNXDXInkXdH4IG:GJUT0X3lNwbslX8kyh

Score

6^/10

antivm

Malware Config

Signatures

Checks hardware identifiers (DMI) 1 TTPs 3 IoCs

Checks DMI information which indicate if the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

Processes:

node_exporter

description	ioc	process
File opened for reading	/sys/class/dmi/id/product_name	node_exporter
File opened for reading	/sys/class/dmi/id/sys_vendor	node_exporter
File opened for reading	/sys/class/dmi/id/bios_vendor	node_exporter

Reads hardware information 1 TTPs 13 IoCs

Accesses system info like serial numbers, manufacturer names etc.

System Information Discovery

T1082

Processes:

node_exporter

description	ioc	process
File opened for reading	/sys/class/dmi/id/bios_date	node_exporter
File opened for reading	/sys/class/dmi/id/bios_version	node_exporter
File opened for reading	/sys/class/dmi/id/product_serial	node_exporter
File opened for reading	/sys/class/dmi/id/chassis_asset_tag	node_exporter
File opened for reading	/sys/class/dmi/id/chassis_serial	node_exporter
File opened for reading	/sys/class/dmi/id/chassis_type	node_exporter
File opened for reading	/sys/class/dmi/id/chassis_version	node_exporter
File opened for reading	/sys/class/dmi/id/chassis_vendor	node_exporter
File opened for reading	/sys/class/dmi/id/product_sku	node_exporter
File opened for reading	/sys/class/dmi/id/product_version	node_exporter
File opened for reading	/sys/class/dmi/id/bios_release	node_exporter
File opened for reading	/sys/class/dmi/id/product_family	node_exporter
File opened for reading	/sys/class/dmi/id/product_uuid	node_exporter

Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery
T1082

Processes:

node_exporter

description ioc process

File opened for reading /sys/devices/system/cpu/isolated node_exporter

description	ioc	process
File opened for reading	/sys/devices/system/cpu/isolated	node_exporter

Enumerates kernel/hardware configuration 1 TTPs 2 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

node_exporter

description	ioc	process
File opened for reading	/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	node_exporter
File opened for reading	/sys/class/dmi/id	node_exporter

Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.

Processes:

node_exporter

description ioc process

File opened for reading /proc/sys/net/core/somaxconn node_exporter

description	ioc	process
File opened for reading	/proc/sys/net/core/somaxconn	node_exporter

/tmp/node_exporter-Agent-Linux/node_exporter
/tmp/node_exporter-Agent-Linux/node_exporter
1⤵
- Checks hardware identifiers (DMI)
- Reads hardware information
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1611

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads