General

  • Target

    na.elf

  • Size

    418KB

  • Sample

    250222-h9p4sasqv9

  • MD5

    eb75325250dedbdfeda48ba61e8a2ff6

  • SHA1

    09ca7bc90514815f994e25bac54def3d24dce08b

  • SHA256

    560a96ce115e4f9042c6791d61e60288efc70881eeb4370786eeddd4cd55c4d0

  • SHA512

    1938f8a3b7c9587f3be52d6fc8c7766a7f109d05dc1fb8adbcb3bf9746774a6631906c77082a071e0ae39b970def7172d7f034cd2a3c7e3eed4d8780e0ef7e22

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeS+:W4/y+qaBUZJAdVti

Malware Config

Targets

    • Target

      na.elf

    • Size

      418KB

    • MD5

      eb75325250dedbdfeda48ba61e8a2ff6

    • SHA1

      09ca7bc90514815f994e25bac54def3d24dce08b

    • SHA256

      560a96ce115e4f9042c6791d61e60288efc70881eeb4370786eeddd4cd55c4d0

    • SHA512

      1938f8a3b7c9587f3be52d6fc8c7766a7f109d05dc1fb8adbcb3bf9746774a6631906c77082a071e0ae39b970def7172d7f034cd2a3c7e3eed4d8780e0ef7e22

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeS+:W4/y+qaBUZJAdVti

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks