General

  • Target

    na.elf

  • Size

    418KB

  • Sample

    250222-1dpr9ayqby

  • MD5

    5d750ed429b31f5cfd5d5298340a5a2c

  • SHA1

    1937bf05c68f0058bee04c49bcba6c6f77880948

  • SHA256

    4cba0a0fcbe93e3b00ccfa05df73aba0fe6976c82596dbdbb28d92c421d3dc83

  • SHA512

    052b0b1580f70cef36af830bbee6555f38955a615b2b7605e4f8b1ef3e110f140c74b072d0cd5de3e086c43c5918a2c05be77d90b1dc4540f487d6a7ea1322da

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSk:W4/y+qaBUZJAdVto

Malware Config

Targets

    • Target

      na.elf

    • Size

      418KB

    • MD5

      5d750ed429b31f5cfd5d5298340a5a2c

    • SHA1

      1937bf05c68f0058bee04c49bcba6c6f77880948

    • SHA256

      4cba0a0fcbe93e3b00ccfa05df73aba0fe6976c82596dbdbb28d92c421d3dc83

    • SHA512

      052b0b1580f70cef36af830bbee6555f38955a615b2b7605e4f8b1ef3e110f140c74b072d0cd5de3e086c43c5918a2c05be77d90b1dc4540f487d6a7ea1322da

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSk:W4/y+qaBUZJAdVto

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks