General
-
Target
e7c8836fadd881ce00a1bb75997abc5c716ddd2c6b2081567b958b92cccbd324.elf
-
Size
418KB
-
Sample
250218-d7c9zswrcz
-
MD5
786ee3811fa1230e84b24b4b93fa28a0
-
SHA1
1a732f7a61a2646460b36980e58dceeefac05d5e
-
SHA256
e7c8836fadd881ce00a1bb75997abc5c716ddd2c6b2081567b958b92cccbd324
-
SHA512
9e1352f7b6e2d2d3c8c4fe6e1cc5a85d441568d7684cd9c95c9beee3b5d91b8d8ee4e9b3b7dca205a3ae59129143b36f1f6dcf410597d53771ed69ab3b28c5cc
-
SSDEEP
12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSl:W4/y+qaBUZJAdVtx
Behavioral task
behavioral1
Sample
e7c8836fadd881ce00a1bb75997abc5c716ddd2c6b2081567b958b92cccbd324.elf
Resource
ubuntu2204-amd64-20240729-en
Malware Config
Targets
-
Prometei_elf family
-
Deletes itself
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Modifies systemd
Adds/modifies systemd service files. Likely to achieve persistence.
-
Write file to user bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
XDG Autostart Entries
Create or Modify System Process
Systemd Service