General

  • Target

    b1e83ddda151bd700b95d80324447ae5ca7864a180629ac61b584bd5facd38e9.elf

  • Size

    418KB

  • Sample

    250221-egfsvsspal

  • MD5

    3fac2563c18e6137a648b7b9a0f9ef8e

  • SHA1

    6aeb218c6ecf5d36ddd4bda7be8befc88091e6d7

  • SHA256

    b1e83ddda151bd700b95d80324447ae5ca7864a180629ac61b584bd5facd38e9

  • SHA512

    eb6938c8673a49859f3dd06f0a6ee8d30186d2e404f858313dd87d94ca85f3b4af60941f77ee881970cfed91c6cc7813c8ec0834d6097d3f4e99bfe32ad16c2d

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSw:W4/y+qaBUZJAdVts

Malware Config

Targets

    • Target

      b1e83ddda151bd700b95d80324447ae5ca7864a180629ac61b584bd5facd38e9.elf

    • Size

      418KB

    • MD5

      3fac2563c18e6137a648b7b9a0f9ef8e

    • SHA1

      6aeb218c6ecf5d36ddd4bda7be8befc88091e6d7

    • SHA256

      b1e83ddda151bd700b95d80324447ae5ca7864a180629ac61b584bd5facd38e9

    • SHA512

      eb6938c8673a49859f3dd06f0a6ee8d30186d2e404f858313dd87d94ca85f3b4af60941f77ee881970cfed91c6cc7813c8ec0834d6097d3f4e99bfe32ad16c2d

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSw:W4/y+qaBUZJAdVts

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks