General

  • Target

    e23128f2381bf961a270b912224c7131b79e679fed83fe6814e49da3c0af3989.elf

  • Size

    418KB

  • Sample

    250221-exfg2asnev

  • MD5

    b0535db675e5a6dabecd522acbfa3e52

  • SHA1

    1cf6f9621967e0195bd14212c65393aec51c8dae

  • SHA256

    e23128f2381bf961a270b912224c7131b79e679fed83fe6814e49da3c0af3989

  • SHA512

    5e8783a51c1e416d8a39ff81f86becaa0202aeeaa16ae72767228ba11dfbf957e0f0bb437d3cebe370848a397fdda8eab0781a28c1282c2ddd78c5c38e5f408b

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSo:W4/y+qaBUZJAdVtc

Malware Config

Targets

    • Target

      e23128f2381bf961a270b912224c7131b79e679fed83fe6814e49da3c0af3989.elf

    • Size

      418KB

    • MD5

      b0535db675e5a6dabecd522acbfa3e52

    • SHA1

      1cf6f9621967e0195bd14212c65393aec51c8dae

    • SHA256

      e23128f2381bf961a270b912224c7131b79e679fed83fe6814e49da3c0af3989

    • SHA512

      5e8783a51c1e416d8a39ff81f86becaa0202aeeaa16ae72767228ba11dfbf957e0f0bb437d3cebe370848a397fdda8eab0781a28c1282c2ddd78c5c38e5f408b

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSo:W4/y+qaBUZJAdVtc

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks