General

  • Target

    c375af50af2b59d6cb5a15ae82119a7d454b1f2c87bfb4be99bb7bc304334a72.elf

  • Size

    418KB

  • Sample

    250221-enbsgsslfx

  • MD5

    01d7fe139d0a5621d843e3873675fec7

  • SHA1

    5c92c9d0ca502c0cf756ff3b63f1a6f316057117

  • SHA256

    c375af50af2b59d6cb5a15ae82119a7d454b1f2c87bfb4be99bb7bc304334a72

  • SHA512

    a3ab22d875aa93aef99f9867b918aa2b3cba7ef2a392968c98e454c7a658912dc71e4c263272f4dffc17717a550207bdeab0fa90d3bb29e5c1fc1e7204d2719d

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSu:W4/y+qaBUZJAdVtK

Malware Config

Targets

    • Target

      c375af50af2b59d6cb5a15ae82119a7d454b1f2c87bfb4be99bb7bc304334a72.elf

    • Size

      418KB

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Appends entries to the hosts file (/etc/hosts on Linux), which maps hostnames to IP addresses ahead of DNS. Malware commonly does this to sinkhole update or competitor domains to 0.0.0.0/127.0.0.1 or to pin its own names to a fixed address; compare the file against a known-good baseline rather than eyeballing it.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds or modifies systemd unit files, most likely to achieve persistence across reboots. Check /etc/systemd/system and the per-user ~/.config/systemd/user for recently written units.

    • Writes file to user bin folder

    • UPX packed file

      Detects executables packed with UPX or a modified UPX open-source packer. A modified stub may strip the usual "UPX!" markers, so the absence of the marker does not prove the file is unpacked.
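
The checks below are an added example, not code from the sandbox report or from the sample itself: a small offline triage helper that turns the behaviours listed above into something a responder can run on a host. It matches a file against the hashes from the General section, does a first-pass UPX marker check, diffs a hosts file against a baseline, and lists recently written systemd unit files and user bin files. The hosts-file contents, the "example-persist.service" unit and the "SAMPLE" environment variable are constructed for the example; the only values taken from the page are the three hashes.

```python
# Added example (not code from the sandbox report or from the Prometei sample).
import hashlib
import os
import re
import tempfile
import time
from pathlib import Path

# Hashes copied from the General section of this report.
REPORT_IOCS = {
    "md5": "01d7fe139d0a5621d843e3873675fec7",
    "sha1": "5c92c9d0ca502c0cf756ff3b63f1a6f316057117",
    "sha256": "c375af50af2b59d6cb5a15ae82119a7d454b1f2c87bfb4be99bb7bc304334a72",
}

ELF_MAGIC = b"\x7fELF"
# Strings the stock UPX stub leaves in a packed binary.
UPX_MARKERS = (b"UPX!", b"$Info: This file is packed with the UPX executable packer")

# Constructed hosts-file contents for the demo (not taken from the sample).
BASELINE_HOSTS = "127.0.0.1 localhost\n::1 localhost ip6-localhost\n"
SUSPECT_HOSTS = BASELINE_HOSTS + "# appended\n0.0.0.0 updates.example.com security.example.net\n"


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a blob, keyed like REPORT_IOCS."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_IOCS}


def matches_report_iocs(data: bytes) -> list:
    """Names of the report hashes this blob reproduces (empty list = no match)."""
    digests = hash_bytes(data)
    return [k for k, v in REPORT_IOCS.items() if digests[k] == v]


def looks_upx_packed(data: bytes) -> bool:
    """First-pass UPX check: ELF magic plus a stock UPX marker string.
    A modified UPX with the markers stripped or renamed evades this,
    so treat False as "not proven", never as "not packed"."""
    return data.startswith(ELF_MAGIC) and any(m in data for m in UPX_MARKERS)


_HOSTS_LINE = re.compile(r"^\s*(\S+)\s+(.+?)\s*$")


def parse_hosts(text: str) -> set:
    """Set of (address, hostname) pairs in a hosts file; comments and blanks ignored."""
    pairs = set()
    for raw in text.splitlines():
        m = _HOSTS_LINE.match(raw.split("#", 1)[0])
        if m:
            pairs.update((m.group(1), name) for name in m.group(2).split())
    return pairs


def hosts_additions(baseline: str, current: str) -> list:
    """(address, hostname) pairs present now but absent from a known-good baseline.
    Names sinkholed to 0.0.0.0 or 127.0.0.1 are the classic blocking pattern."""
    return sorted(parse_hosts(current) - parse_hosts(baseline))


def recent_files(dirs, pattern: str, since_epoch: float) -> list:
    """Files matching `pattern` under any of `dirs` with mtime at or after `since_epoch`.
    Use "*.service" against systemd unit dirs, "*" against ~/bin and ~/.local/bin."""
    hits = []
    for d in dirs:
        p = Path(d).expanduser()
        if p.is_dir():
            hits.extend(str(f) for f in p.glob(pattern)
                        if f.is_file() and f.stat().st_mtime >= since_epoch)
    return sorted(hits)


def demo_recent_units() -> list:
    """Builds a throwaway unit directory holding one constructed .service file and
    returns the basenames recent_files() flags inside it."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "example-persist.service").write_text("[Service]\nExecStart=/tmp/x\n")
        return [os.path.basename(f) for f in recent_files([d], "*.service", time.time() - 300)]


if __name__ == "__main__":
    sample = Path(os.environ.get("SAMPLE", "sample.elf"))  # assumed env var for the demo
    if sample.is_file():
        data = sample.read_bytes()
        print("report hash match:", matches_report_iocs(data) or "none")
        print("UPX markers present:", looks_upx_packed(data))
    print("hosts additions:", hosts_additions(BASELINE_HOSTS, SUSPECT_HOSTS))
    day_ago = time.time() - 86400
    print("unit files touched in 24h:",
          recent_files(["/etc/systemd/system", "~/.config/systemd/user"], "*.service", day_ago))
    print("user bin files touched in 24h:", recent_files(["~/bin", "~/.local/bin"], "*", day_ago))
```

The hash match is for correlation with this report only; MD5 and SHA1 are listed because the report lists them, and a single-byte change to the binary defeats all three, so a miss says nothing about whether a file is a Prometei variant. The hosts diff and the mtime sweeps are the parts worth running on a suspect host, with the baseline taken from a clean image of the same distribution.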

MITRE ATT&CK Enterprise v15

Tasks