General

  • Target

    na.elf

  • Size

    425KB

  • Sample

    250313-alswrszjt2

  • MD5

    52ae14efca302ed2fd0ea28056943fca

  • SHA1

    1c5933890cf136431ead959a2858a039a6d11c6f

  • SHA256

    b2778048bc0b7cf4c0fa1ef30404819035f5e86325cfe4376da566bdbc598a71

  • SHA512

    517f64884e1c657f192e218b2eedee2f54ea236b58976711990a7aa64426c7791ef952e66a445bfd7eef28b967e9ee563dd54dda5ade38e793a88e2a014f5c18

  • SSDEEP

    6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgW:25WOSACZSV6eKRH5EPiamb4DsDwwcm

Malware Config

Targets

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds entries to the hosts file, which is used for mapping hostnames to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies systemd

      Adds or modifies systemd service files, likely to achieve persistence.

    • Writes file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks