Analysis

  • max time kernel
    1795s
  • max time network
    897s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240611-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
  • submitted
    28-06-2024 06:24

General

  • Target

    prometheus - agent - Bastion/prometheus

  • Size

    114.3MB

  • MD5

    5f152edf6ce6ef56e739790132180028

  • SHA1

    0e847d1ff0aebf97bf1ff96b66d942d634c30dfd

  • SHA256

    b8a9c7e66c51fa174fc672f4fd6036c74d14943c6bb637b8f76825f1bc792943

  • SHA512

    20bd58d6899499427a71e83f8e6f791a6364b4b6169dc17681c298e827d2200cf4dda9021aa6f84f05b14462ded1247846fdecf491cc00009f6d5fb11d166b65

  • SSDEEP

    786432:lrwdGNwANRHYC8urPNV2umRho0AgGYmGQSTpy7j:lrwmwANRH18adqhLJHQY07j

Score
3/10

Malware Config

Signatures

  • Enumerates kernel/hardware configuration (1 TTP, 1 IoC)

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information (5 IoCs)

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory (3 IoCs)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/prometheus - agent - Bastion/prometheus
    "/tmp/prometheus - agent - Bastion/prometheus"
    • Enumerates kernel/hardware configuration
    • Reads runtime system information
    • Writes file to tmp directory
    PID:1571

Network

MITRE ATT&CK Matrix (ATT&CK v13)

Downloads

  • /tmp/prometheus - agent - Bastion/data/wal/00000000
    Filesize

    239KB

    MD5

    048ca79a35bc7de05196d737224e9ec1

    SHA1

    b7033d2eb87ae51d64d772555685623be7e48f2c

    SHA256

    5e75e8f1f355244f2e84b8d2c114e03f1409f5428f346cfc2a03f490d7adffa9

    SHA512

    35348503d647d63a2ed1052e558aafaf2a09f106f539c9fe19f2680ae389f4ba261ad8fdecbdd4d5818b35eb95826204ab8c0d052cbb23297580e995086f6517