General

  • Target

    d3adee722dae9f13eea57a65c0a341f9eb74d4910fde948edf2eb0d26e835df9.elf

  • Size

    418KB

  • Sample

    250222-g3n3ga1qx7

  • MD5

    44759644f6973b6ff120555315941cd1

  • SHA1

    54b150db6002161c476b7995140008ae7d2972fc

  • SHA256

    d3adee722dae9f13eea57a65c0a341f9eb74d4910fde948edf2eb0d26e835df9

  • SHA512

    3bc0c271fb50715aecd7e587b0dd37e7677413d62d5ef5c5a0f65864aa48f0066aa29f0b5332df70acc54e50e9913780c43b522b62086f12b5e1c04662558ed3

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSk:W4/y+qaBUZJAdVt4

Malware Config

Targets

    • Target

      d3adee722dae9f13eea57a65c0a341f9eb74d4910fde948edf2eb0d26e835df9.elf

    • Size

      418KB

    • MD5

      44759644f6973b6ff120555315941cd1

    • SHA1

      54b150db6002161c476b7995140008ae7d2972fc

    • SHA256

      d3adee722dae9f13eea57a65c0a341f9eb74d4910fde948edf2eb0d26e835df9

    • SHA512

      3bc0c271fb50715aecd7e587b0dd37e7677413d62d5ef5c5a0f65864aa48f0066aa29f0b5332df70acc54e50e9913780c43b522b62086f12b5e1c04662558ed3

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSk:W4/y+qaBUZJAdVt4

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds entries to the hosts file (/etc/hosts on Linux), which maps hostnames to IP addresses ahead of DNS; new entries can redirect or sinkhole names the host resolves.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds or modifies systemd service unit files, most likely so the miner is restarted at boot (persistence).

    • Write file to user bin folder

    • UPX packed file

      The executable is packed with UPX or a modified build of the open-source UPX packer; unpack it before static analysis, and note that a modified UPX may not unpack with the stock tool.
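The following is an added triage helper, not code from the sandbox vendor or from the Prometei sample. It turns the report's indicators and behaviours into host-side checks: hash matching against the MD5/SHA1/SHA256 listed above, a UPX marker check on the ELF bytes, a diff of /etc/hosts against a default loopback/multicast baseline, a heuristic for systemd units whose ExecStart points into user-writable directories, and a scan for running processes whose /proc/<pid>/exe target is marked "(deleted)", which is how a self-deleting sample shows up after it has removed its file. The baseline set, the "suspicious path" list and the sample inputs are assumptions constructed for illustration; the real hosts file, unit directories and /proc are read by the small I/O helpers at the bottom.

```python
"""Host-side triage checks for the Prometei ELF report above (added example)."""
import hashlib
import os
import re
from pathlib import Path

# Hash IOCs copied from the report; anything else in this file is an assumption.
IOC_HASHES = {
    "md5": "44759644f6973b6ff120555315941cd1",
    "sha1": "54b150db6002161c476b7995140008ae7d2972fc",
    "sha256": "d3adee722dae9f13eea57a65c0a341f9eb74d4910fde948edf2eb0d26e835df9",
}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of a byte string, same algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_ioc(data: bytes) -> bool:
    """True if any computed digest equals the corresponding IOC from the report."""
    digests = file_hashes(data)
    return any(digests[alg] == value for alg, value in IOC_HASHES.items())


# UPX writes the magic "UPX!" into its loader header and names its sections
# UPX0/UPX1. A modified UPX build may strip these, so absence proves nothing.
UPX_MARKERS = (b"UPX!", b"UPX0", b"UPX1")


def looks_upx_packed(data: bytes) -> bool:
    return data.startswith(b"\x7fELF") and any(m in data for m in UPX_MARKERS)


# Assumed default entries of a Debian-style /etc/hosts; tune per distribution.
HOSTS_BASELINE = {"127.0.0.1", "127.0.1.1", "::1",
                  "fe00::0", "ff00::0", "ff02::1", "ff02::2", "ff02::3"}


def hosts_additions(hosts_text: str) -> list:
    """Return (ip, hostname) pairs whose IP is outside the loopback/multicast baseline."""
    added = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        ip, *names = line.split()
        if ip not in HOSTS_BASELINE:
            added.extend((ip, name) for name in names)
    return added


# Directories systemd loads units from (system scope).
SYSTEMD_DIRS = ("/etc/systemd/system", "/run/systemd/system",
                "/usr/lib/systemd/system", "/lib/systemd/system")
# Assumed heuristic: a service started from a scratch or home directory is
# worth a look; legitimate units almost always start binaries under /usr, /bin, /sbin.
SUSPICIOUS_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/", "/root/")
EXECSTART_RE = re.compile(r"^ExecStart=[-@+!:]*(\S+)", re.M)  # strips systemd's prefix chars


def suspicious_units(unit_texts: dict) -> list:
    """Names of unit files (name -> contents) whose ExecStart binary lives in a suspicious path."""
    flagged = []
    for name, text in unit_texts.items():
        for exe in EXECSTART_RE.findall(text):
            if exe.startswith(SUSPICIOUS_PREFIXES) or "/.local/bin/" in exe:
                flagged.append(name)
                break
    return flagged


def deleted_running_binaries(proc_exe_links: dict) -> list:
    """PIDs (pid -> readlink of /proc/<pid>/exe) whose backing file was unlinked.
    The kernel appends ' (deleted)' to the link target; the image can still be
    copied out of /proc/<pid>/exe for hashing against IOC_HASHES."""
    return [pid for pid, target in proc_exe_links.items() if target.endswith(" (deleted)")]


# --- thin I/O wrappers for a live host; the checks above stay pure for testing ---
def read_unit_files() -> dict:
    units = {}
    for d in SYSTEMD_DIRS:
        for p in Path(d).glob("*.service"):
            try:
                units[str(p)] = p.read_text(errors="replace")
            except OSError:
                pass
    return units


def read_proc_exe_links() -> dict:
    links = {}
    for entry in os.listdir("/proc"):
        if entry.isdigit():
            try:
                links[int(entry)] = os.readlink(f"/proc/{entry}/exe")
            except OSError:            # kernel threads, permission, or exited
                pass
    return links


if __name__ == "__main__":
    print("hosts additions:", hosts_additions(Path("/etc/hosts").read_text()))
    print("suspicious units:", suspicious_units(read_unit_files()))
    print("deleted-but-running:", deleted_running_binaries(read_proc_exe_links()))
```

Run it as root on the suspect host; a non-empty "deleted-but-running" list is the place to start, since copying /proc/<pid>/exe recovers the binary that the self-deletion signature says is gone from disk, and `looks_upx_packed` on that copy tells you whether to unpack before disassembly.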

MITRE ATT&CK Enterprise v15
