General

  • Target

    na.elf

  • Size

    425KB

  • Sample

    250313-althaszjt5

  • MD5

    da59f28e73a3d5072e27127bc9ffefff

  • SHA1

    3f58cd59f8898741a26c28e77d3b83360f96d649

  • SHA256

    175c32a73b007a075371dd5f56ef396e985db52e3bc3464ad9a6b8bbc00d934d

  • SHA512

    8f1083134c30a2af7fc6607a93054cc45fec14ad145304f953baf1da45eb84d31e30a19d4dba1bdad740ed6425405894346d8251e36786a3cb9907adfcf074af

  • SSDEEP

    6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgg:25WOSACZSV6eKRH5EPiamb4DsDwwcQ

Malware Config

Targets

    • Target

      na.elf

    • Size

      425KB

    • MD5

      da59f28e73a3d5072e27127bc9ffefff

    • SHA1

      3f58cd59f8898741a26c28e77d3b83360f96d649

    • SHA256

      175c32a73b007a075371dd5f56ef396e985db52e3bc3464ad9a6b8bbc00d934d

    • SHA512

      8f1083134c30a2af7fc6607a93054cc45fec14ad145304f953baf1da45eb84d31e30a19d4dba1bdad740ed6425405894346d8251e36786a3cb9907adfcf074af

    • SSDEEP

      6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgg:25WOSACZSV6eKRH5EPiamb4DsDwwcQ

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks