General

  • Target

    f0689db7bbb1d2943949ac285941c0506d620bdfb02a6d6bc883ba8062602cbd.elf

  • Size

    418KB

  • Sample

    250222-hcf5lszlg1

  • MD5

    738ed844397f9f01d3d7a5879462fb8a

  • SHA1

    c1236cf7a08c7cb711037d9b8381d505668aa020

  • SHA256

    f0689db7bbb1d2943949ac285941c0506d620bdfb02a6d6bc883ba8062602cbd

  • SHA512

    e51c96c7854fffa741e30ff6436f511500f4f6f055b00551384670e0509a88fb0b95db6b62bb31b38138e7f80469903da0538e581f3d8586c17161dce6e616b9

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeST:W4/y+qaBUZJAdVtX

Malware Config

Targets

    • Target

      f0689db7bbb1d2943949ac285941c0506d620bdfb02a6d6bc883ba8062602cbd.elf

    • Size

      418KB

    • MD5

      738ed844397f9f01d3d7a5879462fb8a

    • SHA1

      c1236cf7a08c7cb711037d9b8381d505668aa020

    • SHA256

      f0689db7bbb1d2943949ac285941c0506d620bdfb02a6d6bc883ba8062602cbd

    • SHA512

      e51c96c7854fffa741e30ff6436f511500f4f6f055b00551384670e0509a88fb0b95db6b62bb31b38138e7f80469903da0538e581f3d8586c17161dce6e616b9

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeST:W4/y+qaBUZJAdVtX

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks