General

  • Target

    na.elf

  • Size

    418KB

  • Sample

    250222-tgwxeavns8

  • MD5

    70addeef9265a4217d840384b0f48c5a

  • SHA1

    42c94d6020a5cd896c2e74032542483a6d4fe533

  • SHA256

    2c6aaebb0b4041d3041b60da9c478b4dcec5ac55c0a527761dafb8a88d372d8b

  • SHA512

    3b68bca81477d11373e40d7d4051d49510e53ed8866ee2ad37db2107d67b94bbda4cb873582202c4d9984ed5a0310fc9ed34f34beab7b5287725022164b53f62

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSi:W4/y+qaBUZJAdVte

Targets

    • Target

      na.elf

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds entries to the hosts file (/etc/hosts on Linux), which maps hostnames to IP addresses. Entries added here override DNS for the named hosts.

    • Enumerates running processes

      Discovers information about the processes currently running on the system.

    • Modifies systemd

      Adds or modifies systemd service files, most likely to achieve persistence across reboots.

    • Write file to user bin folder

    • UPX packed file

      The executable is packed with UPX or a modified build of the open-source UPX packer.
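The three behaviours above that leave host-side artefacts (hosts-file additions, systemd service files, UPX packing) can be checked with a small triage script. The code below is an added example written for this report, not part of the sandbox output and not code from the Prometei sample itself. It runs on constructed inputs: the ELF bytes, the hosts-file text, the unit paths and unit text, and the list of directories treated as suspicious for a service binary are all assumptions made for the demonstration, not indicators taken from this sample.

```python
"""Host triage helpers for the Prometei_elf behaviours listed in this report.

Constructed example, not part of the sandbox report or of the malware.
It checks three of the listed behaviours on data passed in:
  * UPX packing of an ELF (looks for the "UPX!" marker stock UPX writes)
  * lines added to /etc/hosts relative to a known-good baseline
  * systemd units whose ExecStart points at a location a service
    should not normally run from (temp dirs, home dirs)
"""
import re
from typing import Dict, List, Tuple

ELF_MAGIC = b"\x7fELF"
UPX_MARKER = b"UPX!"   # stamped by stock UPX into its l_info / p_info headers

# Assumption for this example: a service binary under one of these
# prefixes is worth a second look. Tune to the environment.
SUSPICIOUS_EXEC_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/", "/root/")


def is_upx_packed(data: bytes) -> bool:
    """True if data is an ELF image carrying the stock UPX marker.

    Caveat: a modified UPX build can strip or alter the marker, so a
    False result does not prove the file is unpacked; this only catches
    the stock-marker case of the report's 'UPX/modified UPX' signature.
    """
    return data.startswith(ELF_MAGIC) and UPX_MARKER in data


def _hosts_entries(text: str) -> List[Tuple[str, Tuple[str, ...]]]:
    """Parse hosts-file text into (ip, (hostnames...)) tuples, dropping comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        entries.append((parts[0], tuple(parts[1:])))
    return entries


def hosts_additions(baseline: str, current: str) -> List[str]:
    """Return entries present in current but not in baseline as 'ip host...' strings."""
    base = set(_hosts_entries(baseline))
    return [f"{ip} {' '.join(names)}"
            for ip, names in _hosts_entries(current) if (ip, names) not in base]


# ExecStart may carry systemd's prefix characters (-, @, :, +, !) before the path.
EXEC_RE = re.compile(r"^\s*ExecStart\s*=\s*[-@:+!]*(\S+)", re.MULTILINE)


def suspicious_systemd_units(units: Dict[str, str]) -> List[Tuple[str, str]]:
    """Given {unit_path: unit_text}, return (unit_path, exec_path) for every
    ExecStart whose binary sits under a suspicious prefix."""
    hits = []
    for path, text in units.items():
        for exe in EXEC_RE.findall(text):
            if exe.startswith(SUSPICIOUS_EXEC_PREFIXES):
                hits.append((path, exe))
    return hits


def triage(elf: bytes, baseline_hosts: str, current_hosts: str,
           units: Dict[str, str]) -> Dict[str, object]:
    """Run all three checks and return one summary dict."""
    return {
        "upx_packed": is_upx_packed(elf),
        "hosts_additions": hosts_additions(baseline_hosts, current_hosts),
        "suspicious_units": suspicious_systemd_units(units),
    }


# --- constructed sample inputs (not data from the real sample) -------------
SAMPLE_ELF = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9 + b"UPX!\x0d\x0e" + b"\x00" * 32
BASELINE_HOSTS = "127.0.0.1 localhost\n::1 localhost ip6-localhost\n"
CURRENT_HOSTS = BASELINE_HOSTS + "# appended after infection (constructed)\n0.0.0.0 example.invalid\n"
UNITS = {
    "/etc/systemd/system/update.service":
        "[Unit]\nDescription=updater\n[Service]\nExecStart=-/tmp/.x/na\n"
        "Restart=always\n[Install]\nWantedBy=multi-user.target\n",
    "/lib/systemd/system/ssh.service":
        "[Service]\nExecStart=/usr/sbin/sshd -D\n",
}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_ELF, BASELINE_HOSTS, CURRENT_HOSTS, UNITS).items():
        print(f"{key}: {value}")
```

On a live host you would feed `hosts_additions` the current /etc/hosts against a copy from a clean image, and `suspicious_systemd_units` the contents of /etc/systemd/system and ~/.config/systemd/user; the "Deletes itself" behaviour means the on-disk binary may already be gone, so the unit file and hosts entries are often what remains to find.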

MITRE ATT&CK Enterprise v15