General

  • Target

    57cc9977abaf927526d727121c3feab4d2208765453d8f1f374512931bbd4a86.elf

  • Size

    418KB

  • Sample

    250221-dlynsstk18

  • MD5

    aed25d3fa891f3957005300978820f30

  • SHA1

    e1b2b3bb9904d90a7ee8e363f833d143c4c74a0f

  • SHA256

    57cc9977abaf927526d727121c3feab4d2208765453d8f1f374512931bbd4a86

  • SHA512

    6fa0bd75c97c824c0d22c01b5bc556a7b1ccc87f2dd378aa0cda8de4605092c3940d9d269505bc3acac48754421600f42dc5044bd9db674144e52b1e2ef8a865

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSb:W4/y+qaBUZJAdVtX

Malware Config

Targets

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds entries to the hosts file, which maps hostnames to IP addresses.

    • Enumerates running processes

      Discovers information about the processes currently running on the system.

    • Modifies systemd

      Adds or modifies systemd service files, likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.
