General

  • Target

    214e4cd93972c2a13b24eec9d226fdbd.bin

  • Size

    418KB

  • Sample

    250313-bc8fjayydx

  • MD5

    faf973b43e6c75e4ad23046bed339430

  • SHA1

    2f076f0414a54f9a96660df3b378733415c49204

  • SHA256

    cc08c89e5e5b206a792e3c97b82be4f1a38bef73b40cef722f5df0980f548c47

  • SHA512

    b31603b4d3222c087f392697b6aae5091d13b9638b698f6b2940bcc5a0b1073ab0bbb69004d5dc5f441061ac08b3726c30f1330fac356421f01dcfbabd8c8144

  • SSDEEP

    12288:PvEvoqfceU0PaSZoQSjQrtIQY8o2mgf1nC9x:nEvoqftCKoQSQtBrosCP

Malware Config

Targets

    • Target

      79b1c07269588051815dccfc3f2652ebcd4f8b8505d92f9d969e0136b347f8b6.elf

    • Size

      425KB

    • MD5

      214e4cd93972c2a13b24eec9d226fdbd

    • SHA1

      ff312133156e3760585c1cb1ef9701b35b4d6aa2

    • SHA256

      79b1c07269588051815dccfc3f2652ebcd4f8b8505d92f9d969e0136b347f8b6

    • SHA512

      a8cec5f4abfc6c0cff269971e051b690c18cdf2a96e00abd93a82f8d98af45209f202046986ca5d024262d990f591faaec91399f1e16d2609f6080b07951f841

    • SSDEEP

      6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgv:25WOSACZSV6eKRH5EPiamb4DsDwwc/

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies systemd

      Adds/modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks