General

  • Target

    eb95eb2b593163b388fb3d9bcb33e82e233a1bf873bca945b7e5c2b64977a922.elf

  • Size

    418KB

  • Sample

    250221-ezf7cavlz6

  • MD5

    817c605e1653237ca58dd5ef2a55166f

  • SHA1

    cc02004c8d579280d3278a7bae735978c9016d28

  • SHA256

    eb95eb2b593163b388fb3d9bcb33e82e233a1bf873bca945b7e5c2b64977a922

  • SHA512

    e159faaffee8e5f3c0c6268c411988b5c312605ee304a6648368e6192740ea5322840fab8e066f0b64d8cc59074cafe7734ee8102d95ed6b8eadae4ae87cbfcd

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSz:W4/y+qaBUZJAdVtH

Malware Config

Targets

    • Target

      eb95eb2b593163b388fb3d9bcb33e82e233a1bf873bca945b7e5c2b64977a922.elf

    • Size

      418KB

    • MD5

      817c605e1653237ca58dd5ef2a55166f

    • SHA1

      cc02004c8d579280d3278a7bae735978c9016d28

    • SHA256

      eb95eb2b593163b388fb3d9bcb33e82e233a1bf873bca945b7e5c2b64977a922

    • SHA512

      e159faaffee8e5f3c0c6268c411988b5c312605ee304a6648368e6192740ea5322840fab8e066f0b64d8cc59074cafe7734ee8102d95ed6b8eadae4ae87cbfcd

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSz:W4/y+qaBUZJAdVtH

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks