General

  • Target

    na.elf

  • Size

    425KB

  • Sample

    250313-ak4a4syrx7

  • MD5

    f4d2cee485eefc4f41d8fa55696b3a59

  • SHA1

    7001dc6603823460fae667dd67afbba1d90d5feb

  • SHA256

    d682619fb22b6a90f7cf57a3472b291a6a73acd0edfc5703d79a225e8312701a

  • SHA512

    b22b8a0c5f13b757852310ad03318db5f161ed769fda909791b2f649daa7967b2e4d8d8955be8d0a374b74e819922bfbcf07cd54b58f44081e942578e411e22b

  • SSDEEP

    6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgB:25WOSACZSV6eKRH5EPiamb4DsDwwcR

Malware Config

Targets

    • Target

      na.elf

    • Size

      425KB

    • MD5

      f4d2cee485eefc4f41d8fa55696b3a59

    • SHA1

      7001dc6603823460fae667dd67afbba1d90d5feb

    • SHA256

      d682619fb22b6a90f7cf57a3472b291a6a73acd0edfc5703d79a225e8312701a

    • SHA512

      b22b8a0c5f13b757852310ad03318db5f161ed769fda909791b2f649daa7967b2e4d8d8955be8d0a374b74e819922bfbcf07cd54b58f44081e942578e411e22b

    • SSDEEP

      6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgB:25WOSACZSV6eKRH5EPiamb4DsDwwcR

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks