General

  • Target

    na.elf

  • Size

    418KB

  • Sample

    250221-d1dl6s1qcv

  • MD5

    c925d1ffdb3eb8a5231cd125bb26cc3b

  • SHA1

    547e54a122ff089e0d172cddfc1d18a3e87e7ab4

  • SHA256

    13ad819448e3bb7477f5d0191fe7322927a5396ae2ed21faa43e4a2b84e3a449

  • SHA512

    15322140eaa35027388a41239263e122d19d66ad3f7164e7ccda73cd06cdc48f057d6a6ba90803c20f47f3363cfc6e485325ef789432dc115d4a74b73dc55c21

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSR:W4/y+qaBUZJAdVtd

Malware Config

Targets

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds entries to the hosts file, which maps hostnames to IP addresses.

    • Enumerates running processes

      Discovers information about the processes currently running on the system.

    • Modifies systemd

      Adds or modifies systemd service files, likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks