General

  • Target

    na.elf

  • Size

    418KB

  • Sample

    250221-f8xfcswnv3

  • MD5

    b1a38abe3d183881e49bc06a285851ca

  • SHA1

    5ea0113f5695d22681c655d4fa0971819a373476

  • SHA256

    078f0221efc090f62048cdae8b4000bbd3898fbeff37784494a2773c5f2cda73

  • SHA512

    7c34f4e613eaeb5e4dd4017533ca96ef8045f75fc6d3426f0436cea1564eb639e5bde43923e5eabd73ccb909009975868d4ab2206121c5530194086644bf355d

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSy:W4/y+qaBUZJAdVt+

Malware Config

Targets

    • Target

      na.elf

    • Size

      418KB

    • MD5

      b1a38abe3d183881e49bc06a285851ca

    • SHA1

      5ea0113f5695d22681c655d4fa0971819a373476

    • SHA256

      078f0221efc090f62048cdae8b4000bbd3898fbeff37784494a2773c5f2cda73

    • SHA512

      7c34f4e613eaeb5e4dd4017533ca96ef8045f75fc6d3426f0436cea1564eb639e5bde43923e5eabd73ccb909009975868d4ab2206121c5530194086644bf355d

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSy:W4/y+qaBUZJAdVt+

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks