General

  • Target

    0dd11c8538d33570521bea3b7f7f331874ff5ac9578d0abee05fcc8d5fe5b1bb.elf

  • Size

    418KB

  • Sample

    250223-cg84aswms7

  • MD5

    d7ccf7e56b090b038bb11fb75937eed0

  • SHA1

    e5a3a40a76e44e25db63d8ba6ae7d1cde30d4e4f

  • SHA256

    0dd11c8538d33570521bea3b7f7f331874ff5ac9578d0abee05fcc8d5fe5b1bb

  • SHA512

    7126ed9c9d25b43ef953de6f0598929c0e4719eaebf9f01ab48f94422fc0a5b8292a2b886137e34861aa6abe87eae1ba58e7cc5a317009159eb23aae9e38824e

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeS0:W4/y+qaBUZJAdVtQ

Malware Config

Targets

    • Target

      0dd11c8538d33570521bea3b7f7f331874ff5ac9578d0abee05fcc8d5fe5b1bb.elf

    • Size

      418KB

    • MD5

      d7ccf7e56b090b038bb11fb75937eed0

    • SHA1

      e5a3a40a76e44e25db63d8ba6ae7d1cde30d4e4f

    • SHA256

      0dd11c8538d33570521bea3b7f7f331874ff5ac9578d0abee05fcc8d5fe5b1bb

    • SHA512

      7126ed9c9d25b43ef953de6f0598929c0e4719eaebf9f01ab48f94422fc0a5b8292a2b886137e34861aa6abe87eae1ba58e7cc5a317009159eb23aae9e38824e

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeS0:W4/y+qaBUZJAdVtQ

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks