General

  • Target

    d6336a54ed4c5e9e77b0d04613ea98ca26c3993a1f00c278bed8c05479aa5c8c.elf

  • Size

    418KB

  • Sample

    250222-g4pqds1qz5

  • MD5

    5520e36e448d636cad43108f7ceab7ba

  • SHA1

    3467210188f8caa092d82abfb8bdf3b96e41d566

  • SHA256

    d6336a54ed4c5e9e77b0d04613ea98ca26c3993a1f00c278bed8c05479aa5c8c

  • SHA512

    0c567c13eb57121eeff555fae15fe41402deebae1386655f7bcd6c9c25c25e075b3b95c10be76402a8bd66b2a3f113484b727feb14ca48feee05b9d11cb142f1

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSC:W4/y+qaBUZJAdVtu

Malware Config

Targets

    • Target

      d6336a54ed4c5e9e77b0d04613ea98ca26c3993a1f00c278bed8c05479aa5c8c.elf

    • Size

      418KB

    • MD5

      5520e36e448d636cad43108f7ceab7ba

    • SHA1

      3467210188f8caa092d82abfb8bdf3b96e41d566

    • SHA256

      d6336a54ed4c5e9e77b0d04613ea98ca26c3993a1f00c278bed8c05479aa5c8c

    • SHA512

      0c567c13eb57121eeff555fae15fe41402deebae1386655f7bcd6c9c25c25e075b3b95c10be76402a8bd66b2a3f113484b727feb14ca48feee05b9d11cb142f1

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSC:W4/y+qaBUZJAdVtu

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Reads EFI boot settings

      Reads EFI boot settings from the efivars filesystem, may contain security secrets or sensitive data.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks