Overview

Score  Task                     Platform
6      Static (static)          -
1      node_expor...porter      ubuntu-22.04-amd64
6      prometheus...nu.vbs      windows7-x64
1      prometheus...nu.vbs      windows10-2004-x64
1      prometheus...om.vbs      windows7-x64
1      prometheus...om.vbs      windows10-2004-x64
1      prometheus...u.html      windows7-x64
1      prometheus...u.html      windows10-2004-x64
1      prometheus...k.html      windows7-x64
1      prometheus...k.html      windows10-2004-x64
1      prometheus...w.html      windows7-x64
1      prometheus...w.html      windows10-2004-x64
1      prometheus...e.html      windows7-x64
1      prometheus...e.html      windows10-2004-x64
1      prometheus...w.html      windows7-x64
1      prometheus...w.html      windows10-2004-x64
1      prometheus...s.html      windows7-x64
1      prometheus...s.html      windows10-2004-x64
1      prometheus...etheus      ubuntu-22.04-amd64
3      prometheus...us.wsf      windows7-x64
1      prometheus...us.wsf      windows10-2004-x64
1      prometheus...omtool      ubuntu-22.04-amd64
3      windows_ex...nt.msi      windows7-x64
6      windows_ex...nt.msi      windows10-2004-x64
Analysis (score 6)
max time kernel: 1795s
max time network: 897s
platform: ubuntu-22.04_amd64
resource: ubuntu2204-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
submitted: 28-06-2024 06:24
Static task: static1

Behavioral tasks (task / sample / resource):
behavioral1   node_exporter-Agent-Linux/node_exporter                          ubuntu2204-amd64-20240611-en
behavioral2   prometheus - agent - Bastion/console_libraries/menu.vbs          win7-20240221-en
behavioral3   prometheus - agent - Bastion/console_libraries/menu.vbs          win10v2004-20240226-en
behavioral4   prometheus - agent - Bastion/console_libraries/prom.vbs          win7-20240221-en
behavioral5   prometheus - agent - Bastion/console_libraries/prom.vbs          win10v2004-20240611-en
behavioral6   prometheus - agent - Bastion/consoles/node-cpu.html              win7-20240508-en
behavioral7   prometheus - agent - Bastion/consoles/node-cpu.html              win10v2004-20240508-en
behavioral8   prometheus - agent - Bastion/consoles/node-disk.html             win7-20240221-en
behavioral9   prometheus - agent - Bastion/consoles/node-disk.html             win10v2004-20240508-en
behavioral10  prometheus - agent - Bastion/consoles/node-overview.html         win7-20240611-en
behavioral11  prometheus - agent - Bastion/consoles/node-overview.html         win10v2004-20240508-en
behavioral12  prometheus - agent - Bastion/consoles/node.html                  win7-20240611-en
behavioral13  prometheus - agent - Bastion/consoles/node.html                  win10v2004-20240611-en
behavioral14  prometheus - agent - Bastion/consoles/prometheus-overview.html   win7-20240508-en
behavioral15  prometheus - agent - Bastion/consoles/prometheus-overview.html   win10v2004-20240508-en
behavioral16  prometheus - agent - Bastion/consoles/prometheus.html            win7-20240508-en
behavioral17  prometheus - agent - Bastion/consoles/prometheus.html            win10v2004-20240611-en
behavioral18  prometheus - agent - Bastion/prometheus                          ubuntu2204-amd64-20240611-en
behavioral19  prometheus - agent - Bastion/prometheus.wsf                      win7-20240221-en
behavioral20  prometheus - agent - Bastion/prometheus.wsf                      win10v2004-20240508-en
behavioral21  prometheus - agent - Bastion/promtool                            ubuntu2204-amd64-20240611-en
behavioral22  windows_exporter-Agent.msi                                       win7-20240611-en
behavioral23  windows_exporter-Agent.msi                                       win10v2004-20240508-en
General
Target: prometheus - agent - Bastion/prometheus
Size: 114.3MB
MD5: 5f152edf6ce6ef56e739790132180028
SHA1: 0e847d1ff0aebf97bf1ff96b66d942d634c30dfd
SHA256: b8a9c7e66c51fa174fc672f4fd6036c74d14943c6bb637b8f76825f1bc792943
SHA512: 20bd58d6899499427a71e83f8e6f791a6364b4b6169dc17681c298e827d2200cf4dda9021aa6f84f05b14462ded1247846fdecf491cc00009f6d5fb11d166b65
SSDEEP: 786432:lrwdGNwANRHYC8urPNV2umRho0AgGYmGQSTpy7j:lrwmwANRH18adqhLJHQY07j
Malware Config
Signatures

Enumerates kernel/hardware configuration (1 TTPs, 1 IoCs)
Reads contents of /sys virtual filesystem to enumerate system information.
Processes: prometheus (description / ioc / process)
  File opened for reading   /sys/kernel/mm/transparent_hugepage/hpage_pmd_size   prometheus

Reads runtime system information (5 IoCs)
Reads data from /proc virtual filesystem.
Processes: prometheus (description / ioc / process)
  File opened for reading   /proc/sys/net/core/somaxconn   prometheus
  File opened for reading   /proc/1571/stat                prometheus
  File opened for reading   /proc/stat                     prometheus
  File opened for reading   /proc/1571/fd                  prometheus
  File opened for reading   /proc/1571/limits              prometheus

Writes file to tmp directory (3 IoCs)
Malware often drops required files in the /tmp directory.
Processes: prometheus (description / ioc / process)
  File opened for modification   /tmp/prometheus - agent - Bastion/data/queries.active   prometheus
  File opened for modification   /tmp/prometheus - agent - Bastion/data/lock             prometheus
  File opened for modification   /tmp/prometheus - agent - Bastion/data/wal/00000000     prometheus
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
/tmp/prometheus - agent - Bastion/data/wal/00000000
Filesize: 239KB
MD5: 048ca79a35bc7de05196d737224e9ec1
SHA1: b7033d2eb87ae51d64d772555685623be7e48f2c
SHA256: 5e75e8f1f355244f2e84b8d2c114e03f1409f5428f346cfc2a03f490d7adffa9
SHA512: 35348503d647d63a2ed1052e558aafaf2a09f106f539c9fe19f2680ae389f4ba261ad8fdecbdd4d5818b35eb95826204ab8c0d052cbb23297580e995086f6517