General

  • Target

    dff1e680c8e724d5bf9dd2428984235ea8de07dbfd3d93f930b0193ce4c84b91.elf

  • Size

    418KB

  • Sample

    250221-ew2nwatjal

  • MD5

    aab28a42c3ae158c9f395636f6212cb1

  • SHA1

    0bdc3c9ebda9dff8214a541ce1d5acccd8a982b4

  • SHA256

    dff1e680c8e724d5bf9dd2428984235ea8de07dbfd3d93f930b0193ce4c84b91

  • SHA512

    61a7d5cd0e02df37142fc1aa9e7dc2ad3ef32548288c20de05692c4a66f9edc0a56c75e7d84c265228182a24a14958da144cc1fb2dc0782641e86503092106c0

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSN:W4/y+qaBUZJAdVtZ

Malware Config

Targets

    • Target

      dff1e680c8e724d5bf9dd2428984235ea8de07dbfd3d93f930b0193ce4c84b91.elf

    • Size

      418KB

    • MD5

      aab28a42c3ae158c9f395636f6212cb1

    • SHA1

      0bdc3c9ebda9dff8214a541ce1d5acccd8a982b4

    • SHA256

      dff1e680c8e724d5bf9dd2428984235ea8de07dbfd3d93f930b0193ce4c84b91

    • SHA512

      61a7d5cd0e02df37142fc1aa9e7dc2ad3ef32548288c20de05692c4a66f9edc0a56c75e7d84c265228182a24a14958da144cc1fb2dc0782641e86503092106c0

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSN:W4/y+qaBUZJAdVtZ

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Reads EFI boot settings

      Reads EFI boot settings from the efivars filesystem, may contain security secrets or sensitive data.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks