General

  • Target

    na.elf

  • Size

    418KB

  • Sample

    250221-e6khcavnt8

  • MD5

    86596bdf816a7fc80bf1fb79bb0ee281

  • SHA1

    02cbdac44cf808248a8375013c405d493423e275

  • SHA256

    25a2df1ddf0fa125702ac8e40acd44d5b7ca9e223cd99d3e7f9c05e7f02da4c7

  • SHA512

    37082be2f3f130f31de7ed063162d53957d0ea8a6b296f41ff0c77e681a1aca02d5924fedd4288524919313c9ea57dbf5a47c706669932da3970410ea89aed59

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSI:W4/y+qaBUZJAdVtk

Malware Config

Targets

    • Target

      na.elf

    • Size

      418KB

    • MD5

      86596bdf816a7fc80bf1fb79bb0ee281

    • SHA1

      02cbdac44cf808248a8375013c405d493423e275

    • SHA256

      25a2df1ddf0fa125702ac8e40acd44d5b7ca9e223cd99d3e7f9c05e7f02da4c7

    • SHA512

      37082be2f3f130f31de7ed063162d53957d0ea8a6b296f41ff0c77e681a1aca02d5924fedd4288524919313c9ea57dbf5a47c706669932da3970410ea89aed59

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSI:W4/y+qaBUZJAdVtk

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks