General
-
Target
na.elf
-
Size
418KB
-
Sample
250218-g414esxrdr
-
MD5
aaec70ecaa4cb6fda95c63055930caf5
-
SHA1
ef5497255b10403938315733270819fc5ad4e516
-
SHA256
78a92a5e3e4eba7bf170b6be52686b30f6271da6d62d53d724ba38b8c13806ae
-
SHA512
9b44ddf66208ab8352b45ae4ebfc2689c9a979ce33de0919c588f3a4c32134224324f5402ae280fe20c85bdbedfef59a51a13fd0a0c96296c0f46501dbbf8daf
-
SSDEEP
12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSL:W4/y+qaBUZJAdVt/
Malware Config
Targets
-
-
Target
na.elf
-
Size
418KB
-
MD5
aaec70ecaa4cb6fda95c63055930caf5
-
SHA1
ef5497255b10403938315733270819fc5ad4e516
-
SHA256
78a92a5e3e4eba7bf170b6be52686b30f6271da6d62d53d724ba38b8c13806ae
-
SHA512
9b44ddf66208ab8352b45ae4ebfc2689c9a979ce33de0919c588f3a4c32134224324f5402ae280fe20c85bdbedfef59a51a13fd0a0c96296c0f46501dbbf8daf
-
SSDEEP
12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSL:W4/y+qaBUZJAdVt/
Score10/10-
Prometei
Prometei is a multiplatform botnet used to mine cryptocurrency.
-
Prometei_elf family
-
Deletes itself
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Write file to user bin folder
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1XDG Autostart Entries
1Create or Modify System Process
1Systemd Service
1