General

  • Target

    66d6194c462fc8a7209bf696c7e9c638a200e64de67f35651dfe488b8089f696.elf

  • Size

    418KB

  • Sample

    250221-dq81bstlz5

  • MD5

    b1b77bde45ee71f6cf7ca49c80e1cb20

  • SHA1

    ff569d7ff8eec3fce1aa31c6ab0a6ddfe3d0b193

  • SHA256

    66d6194c462fc8a7209bf696c7e9c638a200e64de67f35651dfe488b8089f696

  • SHA512

    5ddb620687c021aa011d27dd26830b167a75cd5cb59734cb8d9b7dd5d64ec98cc719eb0e6fffa15ce30112a3d33a5f990d21f4e5430f490d7af7578e37ba6ce8

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSo:W4/y+qaBUZJAdVtE

Malware Config

Targets

    • Target

      66d6194c462fc8a7209bf696c7e9c638a200e64de67f35651dfe488b8089f696.elf

    • Size

      418KB

    • MD5

      b1b77bde45ee71f6cf7ca49c80e1cb20

    • SHA1

      ff569d7ff8eec3fce1aa31c6ab0a6ddfe3d0b193

    • SHA256

      66d6194c462fc8a7209bf696c7e9c638a200e64de67f35651dfe488b8089f696

    • SHA512

      5ddb620687c021aa011d27dd26830b167a75cd5cb59734cb8d9b7dd5d64ec98cc719eb0e6fffa15ce30112a3d33a5f990d21f4e5430f490d7af7578e37ba6ce8

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSo:W4/y+qaBUZJAdVtE

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies systemd

      Adds/modifies systemd service files, likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks