General

  • Target

    na.elf

  • Size

    425KB

  • Sample

    250312-lfe89swvaz

  • MD5

    77e4d6d5cb477f3e6ef4b7493c463a11

  • SHA1

    c1332864b20742dace3d7dbad8b8dbb075616f7c

  • SHA256

    875903c68466ae3b5038f842bb42eebbe3482a619eb8255dd5f8c73a991c3c35

  • SHA512

    39e4dd03ab3f8f63ccf2c5c3e57f947e7b0069fc3f00c825bf504a57b09424f21030884c3ad9a785c730ea35f99da2c3eb1c45a1ee722960171edbd8f33d867e

  • SSDEEP

    6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgm:25WOSACZSV6eKRH5EPiamb4DsDwwcW

Malware Config

Targets

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds entries to the hosts file, which maps hostnames to IP addresses.

    • Enumerates running processes

      Discovers information about the processes currently running on the system.

    • Modifies systemd

      Adds or modifies systemd service files, likely to achieve persistence.

    • Writes file to user bin folder

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks