General

  • Target

    na.elf

  • Size

    418KB

  • Sample

    250222-zg46nsyqdm

  • MD5

    594f10088864aea9c6f0f5a51002b03f

  • SHA1

    e5897e5a3c1ecff2c48342a8509298ed8ba9a6f2

  • SHA256

    bf6d9a47c1f44c71130c8ec89aa3732c506a625853be861dee6e6578c8dc6ae3

  • SHA512

    68a84fac6ca561844d381ce66d571929890bf215af6d166ffbb7247f6e1689ff9acbe2864c83f38501c36c1a879dbccba13d0533484ca95e4986491a607485eb

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSJ:W4/y+qaBUZJAdVtl

Malware Config

Targets

    • Target

      na.elf

    • Size

      418KB

    • MD5

      594f10088864aea9c6f0f5a51002b03f

    • SHA1

      e5897e5a3c1ecff2c48342a8509298ed8ba9a6f2

    • SHA256

      bf6d9a47c1f44c71130c8ec89aa3732c506a625853be861dee6e6578c8dc6ae3

    • SHA512

      68a84fac6ca561844d381ce66d571929890bf215af6d166ffbb7247f6e1689ff9acbe2864c83f38501c36c1a879dbccba13d0533484ca95e4986491a607485eb

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSJ:W4/y+qaBUZJAdVtl

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds entries to the hosts file, which maps hostnames to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies systemd

      Adds or modifies systemd service files, likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX or a modified version of the UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks