General

  • Target

    na.elf

  • Size

    418KB

  • Sample

    250222-zg5gfazqx4

  • MD5

    e2c4ec3891b2de669fe434efa32bf177

  • SHA1

    2356ed26e101be6ebc1672adb7be3ba417d6251a

  • SHA256

    a13e60d3e834cc09dc50bb33510247a713c167fb183d3a088a46ab4f8060b56c

  • SHA512

    b2106a985746259c580892e5776b7aa99adedd86eb505d6baf94e841e35ecc28f6b4677e28287b298b917dc7b64dd8f153ebeed4dc0ecc5f9d228b2781c9f43e

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeS6:W4/y+qaBUZJAdVtu

Malware Config

Targets

    • Target

      na.elf

    • Size

      418KB

    • MD5

      e2c4ec3891b2de669fe434efa32bf177

    • SHA1

      2356ed26e101be6ebc1672adb7be3ba417d6251a

    • SHA256

      a13e60d3e834cc09dc50bb33510247a713c167fb183d3a088a46ab4f8060b56c

    • SHA512

      b2106a985746259c580892e5776b7aa99adedd86eb505d6baf94e841e35ecc28f6b4677e28287b298b917dc7b64dd8f153ebeed4dc0ecc5f9d228b2781c9f43e

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeS6:W4/y+qaBUZJAdVtu

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks