General

  • Target

    fcf76b1330b7a5f58db98a50109ac0f975732d5056445be80264acda5390d229.elf

  • Size

    418KB

  • Sample

    250221-e3netsspft

  • MD5

    0c431f0257e23bade797263b8eeb12c3

  • SHA1

    2e084d0d5f0188939a19c22667bdf4b157cb6f5e

  • SHA256

    fcf76b1330b7a5f58db98a50109ac0f975732d5056445be80264acda5390d229

  • SHA512

    b8daa06fcecfe4dc3e24888c911df9b30b197f40a18ff65c080bdf34bf7d74661f6cc49b9c6077d88af25c6bfc1cb9348929f835cd32629a752b91e9bee2f3a8

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSD:W4/y+qaBUZJAdVtn

Malware Config

Targets

    • Target

      fcf76b1330b7a5f58db98a50109ac0f975732d5056445be80264acda5390d229.elf

    • Size

      418KB

    • MD5

      0c431f0257e23bade797263b8eeb12c3

    • SHA1

      2e084d0d5f0188939a19c22667bdf4b157cb6f5e

    • SHA256

      fcf76b1330b7a5f58db98a50109ac0f975732d5056445be80264acda5390d229

    • SHA512

      b8daa06fcecfe4dc3e24888c911df9b30b197f40a18ff65c080bdf34bf7d74661f6cc49b9c6077d88af25c6bfc1cb9348929f835cd32629a752b91e9bee2f3a8

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSD:W4/y+qaBUZJAdVtn

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Reads EFI boot settings

      Reads EFI boot settings from the efivars filesystem, may contain security secrets or sensitive data.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks