General

  • Target

    af14830b73a61b22c3cfaec4ea019a949459ff74fcc5ab2806d59275a23633d1.elf

  • Size

    418KB

  • Sample

    250221-efty4askby

  • MD5

    a7a2779ba6cd2b7d806665baec7cbb71

  • SHA1

    c6ef05b2826632e9fc4348bba103f2b4a03bbf64

  • SHA256

    af14830b73a61b22c3cfaec4ea019a949459ff74fcc5ab2806d59275a23633d1

  • SHA512

    bf02ccb5ce59572dd6a8891157e8a0f72d5f5e4bf3ee32a304292a6a42c2b0d3f51c925f0e2e027972c0c46c77e670d6692142ffdbfab35b1e42f55bad22625c

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSD:W4/y+qaBUZJAdVtX

Malware Config

Targets

    • Target

      af14830b73a61b22c3cfaec4ea019a949459ff74fcc5ab2806d59275a23633d1.elf

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Appends entries to the hosts file, which maps hostnames to IP addresses ahead of DNS resolution.

    • Reads EFI boot settings

      Reads EFI boot settings from the efivars filesystem; these variables may contain security secrets or other sensitive data.

    • Enumerates running processes

      Discovers information about the processes currently running on the system.

    • Modifies systemd

      Adds or modifies systemd service files, most likely to achieve persistence across reboots.

    • Write file to user bin folder

    • UPX packed file

      The executable is packed with UPX or a modified build of the open-source UPX packer.

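The following Python helpers are an added example for working with the indicators above; they are not part of the sandbox report or of the Prometei sample. The digests are the ones published in this report, the UPX marker strings and ELF header offsets are documented facts about the UPX ELF stub and the ELF format, and the hosts-file snapshots and the ELF bytes built by `make_fake_upx_elf` are constructed here for testing only (the hostnames are placeholders, not indicators from the sample).

```python
"""Offline triage helpers for the indicators in the report above.

Added example, not part of the sandbox report. The digests come from the
report; the UPX marker strings and ELF header offsets are documented facts;
the hosts-file text and the ELF bytes below are constructed for testing.
"""
import hashlib

# Digests published in the report for the analysed sample.
REPORT_HASHES = {
    "md5": "a7a2779ba6cd2b7d806665baec7cbb71",
    "sha1": "c6ef05b2826632e9fc4348bba103f2b4a03bbf64",
    "sha256": "af14830b73a61b22c3cfaec4ea019a949459ff74fcc5ab2806d59275a23633d1",
    "sha512": "bf02ccb5ce59572dd6a8891157e8a0f72d5f5e4bf3ee32a304292a6a42c2b0d3"
              "f51c925f0e2e027972c0c46c77e670d6692142ffdbfab35b1e42f55bad22625c",
}

# Strings the stock UPX stub leaves in a packed binary. Modified UPX builds
# often strip them, so their absence proves nothing.
UPX_MAGIC = b"UPX!"
UPX_INFO = b"$Info: This file is packed with the UPX executable packer"


def compute_hashes(data: bytes) -> dict:
    """Every digest the report publishes, so a local copy can be matched to it."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every digest in `expected` matches; a single mismatch fails."""
    actual = compute_hashes(data)
    return all(actual.get(algo) == digest.lower() for algo, digest in expected.items())


def is_elf(data: bytes) -> bool:
    return data[:4] == b"\x7fELF"


def section_header_count(data: bytes):
    """e_shnum from the ELF header, or None if the input is not a complete ELF header."""
    if not is_elf(data):
        return None
    is_elf64 = data[4] == 2                       # EI_CLASS
    if len(data) < (64 if is_elf64 else 52):      # ELF64 / ELF32 header sizes
        return None
    order = "little" if data[5] == 1 else "big"   # EI_DATA
    off = 60 if is_elf64 else 48                  # offset of e_shnum
    return int.from_bytes(data[off:off + 2], order)


def upx_indicators(data: bytes) -> list:
    """Markers that together point at a UPX-packed ELF."""
    hits = []
    if UPX_MAGIC in data:
        hits.append("UPX! magic")
    if UPX_INFO in data:
        hits.append("UPX info string")
    if section_header_count(data) == 0:
        # UPX emits packed ELFs without a section header table; binaries run
        # through sstrip look the same, so on its own this is weak evidence.
        hits.append("no section headers")
    return hits


def parse_hosts(text: str) -> set:
    """(ip, hostname) pairs from hosts-file text, ignoring comments and blank lines."""
    entries = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        entries.update((ip, name) for name in names)
    return entries


def added_hosts_entries(before: str, after: str) -> list:
    """Hosts entries present after the sample ran that were not there before."""
    return sorted(parse_hosts(after) - parse_hosts(before))


def make_fake_upx_elf() -> bytes:
    """Constructed ELF64 header with e_shnum = 0 plus the UPX strings (test data)."""
    hdr = bytearray(64)
    hdr[0:4] = b"\x7fELF"
    hdr[4] = 2   # ELFCLASS64
    hdr[5] = 1   # ELFDATA2LSB
    hdr[6] = 1   # EV_CURRENT
    # e_shoff (0x28) and e_shnum (0x3C) stay zero: no section header table
    return bytes(hdr) + b"\x00" * 16 + UPX_MAGIC + b"\x00" * 8 + UPX_INFO + b"\x00" * 8


# Constructed before/after snapshots of /etc/hosts; placeholder names, not IOCs.
HOSTS_BEFORE = "127.0.0.1 localhost\n::1 localhost\n"
HOSTS_AFTER = HOSTS_BEFORE + "# added by sample\n0.0.0.0 pool.invalid update.invalid\n"

if __name__ == "__main__":
    sample = make_fake_upx_elf()
    print("matches report:", matches_report(sample))   # False: constructed bytes, not the sample
    print("UPX indicators:", upx_indicators(sample))
    print("hosts entries added:", added_hosts_entries(HOSTS_BEFORE, HOSTS_AFTER))
```

To use this against a real copy of the file, read its bytes and pass them to `matches_report` first; only a match on all four digests confirms it is the sample this report describes. `upx_indicators` is a quick check before unpacking, and `added_hosts_entries` is meant to be fed the hosts file captured before and after detonation, the same comparison the "Modifies hosts file" signature rests on.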
MITRE ATT&CK Enterprise v15

Tasks