General

  • Target

    na.elf

  • Size

    418KB

  • Sample

    250222-vj468swlw2

  • MD5

    1bacfa9a041ce3de0b49d334aaea9bea

  • SHA1

    5e7a9ca5aedb5b0c76c0318bc0bdf2e57dcc20f8

  • SHA256

    cb8562a2180f49c5ef3860831297cb48f803bcdf224bf14ada7a7263b4be4623

  • SHA512

    d637ada1e0d798f198413af61b4255c86b291d9404ce2e2eda25e56ca8c7d376dcbc78a807f99a01d25c94a62f26dd067286b66a34ca3904f21eb7e48b874d38

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSv:W4/y+qaBUZJAdVtT

Malware Config

Targets

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds entries to the hosts file, which maps hostnames to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies systemd

      Adds or modifies systemd service files, likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks