General

  • Target

    47d31a432ae16e54459f5e6b7d9fc9b2219448a2d0a0b9d22df59bb1cd1d2551.elf

  • Size

    418KB

  • Sample

    250221-c4xzjs1jdz

  • MD5

    edb5c583fbb391bd3d838ec66727a700

  • SHA1

    61132c1de284dac22f3b3130049d9da4b877ac4e

  • SHA256

    47d31a432ae16e54459f5e6b7d9fc9b2219448a2d0a0b9d22df59bb1cd1d2551

  • SHA512

    7d586bfb0aafee578686969c7d0c0564e65ec10a5844069a35cf2809a65cb69fa999fa932a8d7388cecc5dfaae978e7807bc714f88f5e76916c0a6ad848d120a

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSr:W4/y+qaBUZJAdVtP

Malware Config

Targets

    • Target

      47d31a432ae16e54459f5e6b7d9fc9b2219448a2d0a0b9d22df59bb1cd1d2551.elf

    • Size

      418KB

    • MD5

      edb5c583fbb391bd3d838ec66727a700

    • SHA1

      61132c1de284dac22f3b3130049d9da4b877ac4e

    • SHA256

      47d31a432ae16e54459f5e6b7d9fc9b2219448a2d0a0b9d22df59bb1cd1d2551

    • SHA512

      7d586bfb0aafee578686969c7d0c0564e65ec10a5844069a35cf2809a65cb69fa999fa932a8d7388cecc5dfaae978e7807bc714f88f5e76916c0a6ad848d120a

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSr:W4/y+qaBUZJAdVtP

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks