General

  • Target

    2a3307dd209792a7c39d257349429af94d9d77c286c6592a57a2e61788d635a3.elf

  • Size

    418KB

  • Sample

    250223-cm2amstqdy

  • MD5

    7fbdf8e53e699573336413409512bbe3

  • SHA1

    68e9ba56638c96987b7f3a07124cdedb7625f407

  • SHA256

    2a3307dd209792a7c39d257349429af94d9d77c286c6592a57a2e61788d635a3

  • SHA512

    d606b8090bed449fefb949e3fe9c4a63f0b5198eb85ade8cde6c9d850981d22799414f0299d36e1f22ae90ea2a9714d8dad128771414c3e80b8c065042af0b15

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeS4:W4/y+qaBUZJAdVtk

Malware Config

Targets

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds entries to the hosts file used for mapping hostnames to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies systemd

      Adds or modifies systemd service files, likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks