General

  • Target

    na.elf

  • Size

    418KB

  • Sample

    250222-qwwy6sypy5

  • MD5

    1a603586fb977ab06534e09867053a90

  • SHA1

    4fb82079fc11f59859dfe2137ab053f5efcdde74

  • SHA256

    d3177e9a241a632ba753b2e073af74169275ae64b8a1a256a7b8976de853396e

  • SHA512

    474b96a510c60c405d28ee7449e3111ded252955a09f49a653dceb9664433110864e8bc1a185fe1a81a27acd73c08a927e6039cbd32e84b00d17528f18413bd2

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSc:W4/y+qaBUZJAdVtw

Malware Config

Targets

    • Target

      na.elf

    • Size

      418KB

    • MD5

      1a603586fb977ab06534e09867053a90

    • SHA1

      4fb82079fc11f59859dfe2137ab053f5efcdde74

    • SHA256

      d3177e9a241a632ba753b2e073af74169275ae64b8a1a256a7b8976de853396e

    • SHA512

      474b96a510c60c405d28ee7449e3111ded252955a09f49a653dceb9664433110864e8bc1a185fe1a81a27acd73c08a927e6039cbd32e84b00d17528f18413bd2

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSc:W4/y+qaBUZJAdVtw

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks