General

  • Target

    bf8739fd97ae08f481a400469d89069c74c5794cdfd6792ce186d51487427a65.elf

  • Size

    418KB

  • Sample

    250222-gtxm9a1nz9

  • MD5

    f5d4522af395c9d7c1c7b430892a8cb9

  • SHA1

    0d3ce84c38a3d0d4c3e640df354f379044d2a6bc

  • SHA256

    bf8739fd97ae08f481a400469d89069c74c5794cdfd6792ce186d51487427a65

  • SHA512

    c6aa951bc06240a10733db1da6d64f7345919191ef1cd88a57ff8be5418ba2f00160e70b85c628a360c10890af218a9ea9cff35f69854cb49938ee1c8030980a

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSp:W4/y+qaBUZJAdVtt

Malware Config

Targets

    • Target

      bf8739fd97ae08f481a400469d89069c74c5794cdfd6792ce186d51487427a65.elf

    • Size

      418KB

    • MD5

      f5d4522af395c9d7c1c7b430892a8cb9

    • SHA1

      0d3ce84c38a3d0d4c3e640df354f379044d2a6bc

    • SHA256

      bf8739fd97ae08f481a400469d89069c74c5794cdfd6792ce186d51487427a65

    • SHA512

      c6aa951bc06240a10733db1da6d64f7345919191ef1cd88a57ff8be5418ba2f00160e70b85c628a360c10890af218a9ea9cff35f69854cb49938ee1c8030980a

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSp:W4/y+qaBUZJAdVtt

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks