General

  • Target

    na.elf

  • Size

    418KB

  • Sample

    250223-an74gaske1

  • MD5

    8f1370d269e23308251b79d6952aaeee

  • SHA1

    6f2348f4c83eaac5d44497ee83524470adab31e9

  • SHA256

    2beeb75c0973fb533987b53d914dc75426bac28ff49cb4b3746d10304fb6e3c1

  • SHA512

    ec58f4a539bd907a064c3e8be0eb4df038e435e8e20da96ec94581592227cb2e3684b40129d6d1ac1e096dd6452c39dffb4b270913e7d46bb66f1ae42e822874

  • SSDEEP

    12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSL:W4/y+qaBUZJAdVt3

Malware Config

Targets

    • Target

      na.elf

    • Size

      418KB

    • MD5

      8f1370d269e23308251b79d6952aaeee

    • SHA1

      6f2348f4c83eaac5d44497ee83524470adab31e9

    • SHA256

      2beeb75c0973fb533987b53d914dc75426bac28ff49cb4b3746d10304fb6e3c1

    • SHA512

      ec58f4a539bd907a064c3e8be0eb4df038e435e8e20da96ec94581592227cb2e3684b40129d6d1ac1e096dd6452c39dffb4b270913e7d46bb66f1ae42e822874

    • SSDEEP

      12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSL:W4/y+qaBUZJAdVt3

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks