General

  • Target

    na.elf

  • Size

    425KB

  • Sample

    250312-qwvq4stkw2

  • MD5

    1289506d4b7629ec57a62b0e9dd7673f

  • SHA1

    86c198a4943e61ba47e062614eea05edc04db03b

  • SHA256

    61aeecf564df74e8647549e20480eb709c6f372f25fe0f2d278207956cdead46

  • SHA512

    035508ee87b7ecc07bf97cfb48639b3ee2db8e47f57796976ecb67a4a61e0e1d286273902e1b7c3fc567c4eb3fd3f3bf1e6331660b54b07bf46ddfd2209313bb

  • SSDEEP

    6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitg1:25WOSACZSV6eKRH5EPiamb4DsDwwcl

Malware Config

Targets

    • Target

      na.elf

    • Size

      425KB

    • MD5

      1289506d4b7629ec57a62b0e9dd7673f

    • SHA1

      86c198a4943e61ba47e062614eea05edc04db03b

    • SHA256

      61aeecf564df74e8647549e20480eb709c6f372f25fe0f2d278207956cdead46

    • SHA512

      035508ee87b7ecc07bf97cfb48639b3ee2db8e47f57796976ecb67a4a61e0e1d286273902e1b7c3fc567c4eb3fd3f3bf1e6331660b54b07bf46ddfd2209313bb

    • SSDEEP

      6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitg1:25WOSACZSV6eKRH5EPiamb4DsDwwcl

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks