General

  • Target

    ab1387b4b2e55b6ebd3cbc55bba3ec0131dabf9e3229de0fd4fa29ac3e0a2008.elf

  • Size

    418KB

  • Sample

    250221-efbgrasnfq

  • MD5

    7164ba570e6235089549a6a168214cd8

  • SHA1

    c6c20079e582bbdfbe61dff788ca13a21d2d6380

  • SHA256

    ab1387b4b2e55b6ebd3cbc55bba3ec0131dabf9e3229de0fd4fa29ac3e0a2008

  • SHA512

    d0fdda40a1e7613dfbfd62833f76497ead7b4de3098b3b9cc4270bd7a7eeb77cdba8548d6205b4eaf25867799416cdb92fda38eb9d611caff815f852608b0db5

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeS1:W4/y+qaBUZJAdVtZ

Malware Config

Targets

    • Target

      ab1387b4b2e55b6ebd3cbc55bba3ec0131dabf9e3229de0fd4fa29ac3e0a2008.elf

    • Size

      418KB

    • MD5

      7164ba570e6235089549a6a168214cd8

    • SHA1

      c6c20079e582bbdfbe61dff788ca13a21d2d6380

    • SHA256

      ab1387b4b2e55b6ebd3cbc55bba3ec0131dabf9e3229de0fd4fa29ac3e0a2008

    • SHA512

      d0fdda40a1e7613dfbfd62833f76497ead7b4de3098b3b9cc4270bd7a7eeb77cdba8548d6205b4eaf25867799416cdb92fda38eb9d611caff815f852608b0db5

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeS1:W4/y+qaBUZJAdVtZ

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks