ff37bfe914dd0d8b5c7e6553f4204b8a65d4a9f9f1909ff7a3cf121070d05a20

Analysis

max time kernel
0s
max time network
897s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
28-06-2024 06:24

Target

prometheus - agent - Bastion/promtool
Size

107.7MB
MD5

b23adea926f9895a5ddbe572cd36097c
SHA1

dbfdbc38cbe6a176510d3ce26fb8c6d368bfd9e6
SHA256

31f1f65c87ed9555cd9d6c9e99121e96935d37f9df604a80a3f5ee7df79dcf8c
SHA512

a8546771fe6650eaff6a71b1e7fa216fe02638b604f06a424f55e2f71131707fa6cdece2ba7918138532a35f15ef93e046ba0a4d741478713d2b497aa329cca0
SSDEEP

786432:Q7D60gGr9d9+Efx/xIliWvf5tXvPqxLdafUsz7YLxJzI9xLpdvj:ID60gGH4+xZA7XHwLd/svYFu9xNdvj

Score

3^/10

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery
T1082

Processes:

promtool

description ioc process

File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size promtool

description	ioc	process
File opened for reading	/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	promtool

/tmp/prometheus - agent - Bastion/promtool
"/tmp/prometheus - agent - Bastion/promtool"
1⤵
- Enumerates kernel/hardware configuration
PID:1568

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance