General

  • Target

    f90223e0015c043243794dd3d35f903a1730a70cd0f9f7bbde4788ce184c6b13.elf

  • Size

    418KB

  • Sample

    250221-e2mf5stkap

  • MD5

    6a6db5c455cbb843c881f385bce8ac2b

  • SHA1

    56aa10bc0c59d94f966f3cf1c193dc28fd227c47

  • SHA256

    f90223e0015c043243794dd3d35f903a1730a70cd0f9f7bbde4788ce184c6b13

  • SHA512

    07e4a2a1761d2a00fbaa8805e59cd90b99a45f15f0c601c1a2944b895d06e12bf0a1d9664aec5b1356a478e43d81d0168a55a4b467ba8c70699984afef9e104f

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSt:W4/y+qaBUZJAdVtJ

Targets

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds entries to the hosts file, which maps host names to IP addresses.

    • Enumerates running processes

      Discovers information about the processes currently running on the system.

    • Modifies systemd

      Adds or modifies systemd service files, likely to achieve persistence.

    • Writes file to user bin folder

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.
