General

  • Target

    na.elf

  • Size

    418KB

  • Sample

    250222-1dpr9a1mz2

  • MD5

    f00d70900b3655602e82f6596165d50d

  • SHA1

    21c64af61bba2f08f5dacd67ec374d5b7935e9a8

  • SHA256

    9afab83bb94001d17f7907365986989b65b8e7db825018bec3608d7e7b16120f

  • SHA512

    6ce211a0dfd8d78c0860947c04ea38b572563fc7ea30aeacb3932b7935f3ff28f575673af30d484aa315902b886a136fef5ee49a777493afe4fc44ce2d0210a8

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSt:W4/y+qaBUZJAdVt5

Malware Config

Targets

    • Target

      na.elf

    • Size

      418KB

    • MD5

      f00d70900b3655602e82f6596165d50d

    • SHA1

      21c64af61bba2f08f5dacd67ec374d5b7935e9a8

    • SHA256

      9afab83bb94001d17f7907365986989b65b8e7db825018bec3608d7e7b16120f

    • SHA512

      6ce211a0dfd8d78c0860947c04ea38b572563fc7ea30aeacb3932b7935f3ff28f575673af30d484aa315902b886a136fef5ee49a777493afe4fc44ce2d0210a8

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSt:W4/y+qaBUZJAdVt5

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks