General

  • Target

    na.elf

  • Size

    418KB

  • Sample

    250222-t7q4vatqgk

  • MD5

    f84bb9ca7f8e98f6284b191038b774d7

  • SHA1

    b119f043fe0f1fa97e8a034f5a528156b673fd4e

  • SHA256

    b34f5183af67fe92e82bbc05290b688cdd4524d2bdd3d2a22694f66a9d50513e

  • SHA512

    666e9cb1d62d792b225017327873d2f3114240d2ab88a96573099961acd6bf66d335bffadae04ae513f360ee37a876dd89205ad75df7b44bd8d414e4d446cd03

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSN:W4/y+qaBUZJAdVtJ

Malware Config

Targets

    • Target

      na.elf

    • Size

      418KB

    • MD5

      f84bb9ca7f8e98f6284b191038b774d7

    • SHA1

      b119f043fe0f1fa97e8a034f5a528156b673fd4e

    • SHA256

      b34f5183af67fe92e82bbc05290b688cdd4524d2bdd3d2a22694f66a9d50513e

    • SHA512

      666e9cb1d62d792b225017327873d2f3114240d2ab88a96573099961acd6bf66d335bffadae04ae513f360ee37a876dd89205ad75df7b44bd8d414e4d446cd03

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSN:W4/y+qaBUZJAdVtJ

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks