General

  • Target

    727945e62824c3231f72c79f377a394dce2f9b6ffc3d719425d9cd18a23f1812.elf

  • Size

    418KB

  • Sample

    250221-dv3n4stmx3

  • MD5

    061762ca902f7f95d03f85586891698c

  • SHA1

    bddc860bc049c7fb7eb43e50df2765cfb3b93a51

  • SHA256

    727945e62824c3231f72c79f377a394dce2f9b6ffc3d719425d9cd18a23f1812

  • SHA512

    ca2643591b73efbfb480d9accb49d08df6cd312bbc6fec4ec1305ddaa0925ca34345d4182046d340c8b0001b83f90b6ec2c0660578e474b4ccf88f94f4dbc69b

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSy:W4/y+qaBUZJAdVtm

Malware Config

Targets

    • Target

      727945e62824c3231f72c79f377a394dce2f9b6ffc3d719425d9cd18a23f1812.elf

    • Size

      418KB

    • MD5

      061762ca902f7f95d03f85586891698c

    • SHA1

      bddc860bc049c7fb7eb43e50df2765cfb3b93a51

    • SHA256

      727945e62824c3231f72c79f377a394dce2f9b6ffc3d719425d9cd18a23f1812

    • SHA512

      ca2643591b73efbfb480d9accb49d08df6cd312bbc6fec4ec1305ddaa0925ca34345d4182046d340c8b0001b83f90b6ec2c0660578e474b4ccf88f94f4dbc69b

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSy:W4/y+qaBUZJAdVtm

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks