General

  • Target

    8a4c1274f8c443541214e4b4c2ffdacac7f72a16bedf1cd5a9dd448c62456dc8.elf

  • Size

    418KB

  • Sample

    250221-d7673a1rdv

  • MD5

    fe88bbd3285929ab1cec239e7b48425b

  • SHA1

    7b13d55476f21004c9b71024fff8c82e21fb585c

  • SHA256

    8a4c1274f8c443541214e4b4c2ffdacac7f72a16bedf1cd5a9dd448c62456dc8

  • SHA512

    0c51ba5d11ce1e9a0895b8998a5038b9647c3ef8f836e2bfa862fb5f39a56f6d2541a2d45f61113cefdfbb9b657c9973782ca1de376da6745cf3aac736f4b949

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSH:W4/y+qaBUZJAdVtL

Malware Config

Targets

    • Target

      8a4c1274f8c443541214e4b4c2ffdacac7f72a16bedf1cd5a9dd448c62456dc8.elf

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds entries to the hosts file, which maps hostnames to IP addresses.

    • Enumerates running processes

      Discovers information about processes currently running on the system.

    • Modifies systemd

      Adds or modifies systemd service files, likely to achieve persistence.

    • Writes file to user bin folder

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified version of it.

MITRE ATT&CK Enterprise v15

Tasks