General

  • Target

    na.elf

  • Size

    425KB

  • Sample

    250312-qjet5asqw3

  • MD5

    74b4e403e630942c61c480b94dd463ee

  • SHA1

    0ebbb9b738075e584f3a4b065f9efd20f6bd228a

  • SHA256

    bf6c13f5e487297652dafe3b8dcf45f4af1a2d74e2ac2532a6d7c43becda031c

  • SHA512

    2fa73d52bf66a61c698e76e7aa1a28c790cdd4da051de91286edf9c37ccb37951a090a61a44289d37c950f9fcb121727827334b744bfd2802c66710b8c8281ab

  • SSDEEP

    6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgT:25WOSACZSV6eKRH5EPiamb4DsDwwcD

Malware Config

Targets

    • Target

      na.elf

    • Size

      425KB

    • MD5

      74b4e403e630942c61c480b94dd463ee

    • SHA1

      0ebbb9b738075e584f3a4b065f9efd20f6bd228a

    • SHA256

      bf6c13f5e487297652dafe3b8dcf45f4af1a2d74e2ac2532a6d7c43becda031c

    • SHA512

      2fa73d52bf66a61c698e76e7aa1a28c790cdd4da051de91286edf9c37ccb37951a090a61a44289d37c950f9fcb121727827334b744bfd2802c66710b8c8281ab

    • SSDEEP

      6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgT:25WOSACZSV6eKRH5EPiamb4DsDwwcD

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks