General

  • Target

    na.elf

  • Size

    418KB

  • Sample

    250221-jdn3aawrgq

  • MD5

    61da5878b52c13cc86e54ceae9ad9875

  • SHA1

    dd2bd132248c312a1071d70c94281f801b7989f7

  • SHA256

    4cdb122fd10f0b1c35eb8a1dbd4c93d7955e0e17821d34a5c98c63a4732ff8d0

  • SHA512

    d72421109ca9a8bf6d0f491673a1798ba034713a035d4df5131d42b1b1033e9c7e8e66b20e09b06f0dc8b022e48bb69e63c8190512c105a0537c65980642fb09

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeS/:W4/y+qaBUZJAdVtz

Malware Config

Targets

    • Target

      na.elf

    • Size

      418KB

    • MD5

      61da5878b52c13cc86e54ceae9ad9875

    • SHA1

      dd2bd132248c312a1071d70c94281f801b7989f7

    • SHA256

      4cdb122fd10f0b1c35eb8a1dbd4c93d7955e0e17821d34a5c98c63a4732ff8d0

    • SHA512

      d72421109ca9a8bf6d0f491673a1798ba034713a035d4df5131d42b1b1033e9c7e8e66b20e09b06f0dc8b022e48bb69e63c8190512c105a0537c65980642fb09

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeS/:W4/y+qaBUZJAdVtz

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks