General

  • Target

    7e56a76b7be1d8d7eaf363abf5c82493552f7807fd6cb629d38a9386eea24f8a.elf

  • Size

    418KB

  • Sample

    250221-d1cd4s1qct

  • MD5

    f238c3f20a9e66ac07bc182a0fb4106f

  • SHA1

    122c2d438fb16bf6a11a9e5b1a89a4c54390c62c

  • SHA256

    7e56a76b7be1d8d7eaf363abf5c82493552f7807fd6cb629d38a9386eea24f8a

  • SHA512

    978e8949224acf3d3a6fb152a5a45ccb0c6b4a0d0a3de9abc88b63f96708cfc8a2d2fece1d6bb9aa8f1960db6d7473c28eac51ef48ccff39f5f6b4ce03766eb7

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSP:W4/y+qaBUZJAdVtL

Malware Config

Targets

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds entries to the hosts file, which maps hostnames to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies systemd

      Adds or modifies systemd service files, likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks