General

  • Target

    c20df7807f58bde98626965d00d8c679a2af0501d9efd506ae3b0d1155443ae1.elf

  • Size

    418KB

  • Sample

    250221-ell6fasldv

  • MD5

    9d932de335e852288a7ac1c47b409f26

  • SHA1

    c503ccde34d0ac3145caf2717a3ce8e8259abf73

  • SHA256

    c20df7807f58bde98626965d00d8c679a2af0501d9efd506ae3b0d1155443ae1

  • SHA512

    fc01b1fade29cf2b432706ab40decb1aa26b21ccacfacaa82a99a3af84d800caf3ed8ca8a0e7bf4ca0ab6858e3998940b3a4979378168482e79e88b4279ae5ce

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeS3:W4/y+qaBUZJAdVtL

Malware Config

Targets

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds entries to the hosts file, which maps hostnames to IP addresses.

    • Enumerates running processes

      Discovers information about the processes currently running on the system.

    • Modifies systemd

      Adds or modifies systemd service files, likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks