General

  • Target

    9f66108e8b2e9484a5622a29f9ae72b1f8c009db497bec5026edf096841a9eac.elf

  • Size

    418KB

  • Sample

    250222-fndshsyqal

  • MD5

    573be86be553c072f9227334859e47f8

  • SHA1

    12854f3086102ae83753d52d3a3119333d964261

  • SHA256

    9f66108e8b2e9484a5622a29f9ae72b1f8c009db497bec5026edf096841a9eac

  • SHA512

    96162c4fd9444afcacf150efe266fead207eb04c673b9ce3b5e396684b8deeeae5fd1e20977794a70bc44ebf5be1d2e9cc84edbcb208e0e9e8c0841239a06029

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSV:W4/y+qaBUZJAdVtR

Malware Config

Targets

    • Target

      9f66108e8b2e9484a5622a29f9ae72b1f8c009db497bec5026edf096841a9eac.elf

    • Size

      418KB

    • MD5

      573be86be553c072f9227334859e47f8

    • SHA1

      12854f3086102ae83753d52d3a3119333d964261

    • SHA256

      9f66108e8b2e9484a5622a29f9ae72b1f8c009db497bec5026edf096841a9eac

    • SHA512

      96162c4fd9444afcacf150efe266fead207eb04c673b9ce3b5e396684b8deeeae5fd1e20977794a70bc44ebf5be1d2e9cc84edbcb208e0e9e8c0841239a06029

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSV:W4/y+qaBUZJAdVtR

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks