General
-
Target
na.elf
-
Size
418KB
-
Sample
250218-ha9n5sxrb1
-
MD5
8802719556772543b30d55da8aa9bb20
-
SHA1
73dcec6c8e66eab3a09d41b3c40444528cb958aa
-
SHA256
599b066f9309e2899118eb1969587028bdd017b6029d9516b9e1246c26c806c1
-
SHA512
0ad6496ba8e1122aff80fd4a60f65948ad5a7c19044529cbf38a34c0bf1b7b2a0206a0fbf366f349c5287a7d19dfaa64e28028014a68715d534ef8a22811d156
-
SSDEEP
12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSX:W4/y+qaBUZJAdVtb
Malware Config
Targets
-
-
Target
na.elf
-
Size
418KB
-
MD5
8802719556772543b30d55da8aa9bb20
-
SHA1
73dcec6c8e66eab3a09d41b3c40444528cb958aa
-
SHA256
599b066f9309e2899118eb1969587028bdd017b6029d9516b9e1246c26c806c1
-
SHA512
0ad6496ba8e1122aff80fd4a60f65948ad5a7c19044529cbf38a34c0bf1b7b2a0206a0fbf366f349c5287a7d19dfaa64e28028014a68715d534ef8a22811d156
-
SSDEEP
12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSX:W4/y+qaBUZJAdVtb
Score10/10-
Prometei
Prometei is a multiplatform botnet used to mine cryptocurrency.
-
Prometei_elf family
-
Deletes itself
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Write file to user bin folder
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1XDG Autostart Entries
1Create or Modify System Process
1Systemd Service
1