General

  • Target

    na.elf

  • Size

    425KB

  • Sample

    250313-baz2dayxgw

  • MD5

    01ee18ac7ec558ddbcad55b441ba4878

  • SHA1

    ea8219e885c5676df107917c10cf5510f4346d77

  • SHA256

    70107bc892826cd2e5990f0867c956d82b0cfd58e4d5cbcde8b57bde7a42cd36

  • SHA512

    b95026590c2804396c8cfd5956d6ae1225bb26159deb5a888bde92ca0b4fdd6b1ddf9d9dc6922975c9b9e8846c3ceaea42596c676c2d91031515551bf0a5be5c

  • SSDEEP

    6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgT:25WOSACZSV6eKRH5EPiamb4DsDwwcj

Malware Config

Targets

    • Target

      na.elf

    • Size

      425KB

    • MD5

      01ee18ac7ec558ddbcad55b441ba4878

    • SHA1

      ea8219e885c5676df107917c10cf5510f4346d77

    • SHA256

      70107bc892826cd2e5990f0867c956d82b0cfd58e4d5cbcde8b57bde7a42cd36

    • SHA512

      b95026590c2804396c8cfd5956d6ae1225bb26159deb5a888bde92ca0b4fdd6b1ddf9d9dc6922975c9b9e8846c3ceaea42596c676c2d91031515551bf0a5be5c

    • SSDEEP

      6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgT:25WOSACZSV6eKRH5EPiamb4DsDwwcj

    • Prometei

      Prometei is a multiplatform botnet used to mine cryptocurrency.

    • Prometei_elf family

    • Deletes itself

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Write file to user bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks