General

  • Target

    9f5458eef617aa4eb1864b3e2aaf2f024347b7d49ea03b06ba1ca983463e6fdd.elf

  • Size

    418KB

  • Sample

    250222-fm56dazqz2

  • MD5

    9365f9d52de3ab2bad8528e3595413cd

  • SHA1

    3d013b3f7b41f4c988243cd070b7bfeb3ea14fee

  • SHA256

    9f5458eef617aa4eb1864b3e2aaf2f024347b7d49ea03b06ba1ca983463e6fdd

  • SHA512

    366561cc4ec9197f9dae3527093471459969895091c9661764317fa5993ed41865e301fc9defec766d9a37799eb7a841fb46fc0a83bd9ec6e6d44a7bd68433e4

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSS:W4/y+qaBUZJAdVt+

Malware Config

Targets

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds entries to the hosts file, which maps hostnames to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies systemd

      Adds or modifies systemd service files, likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks