General
-
Target
na.elf
-
Size
425KB
-
Sample
250403-2gjk3syjz5
-
MD5
6bab57cace67e3f7b5d8f3b0d323663c
-
SHA1
cf9f55bfa4bf86e607857efdd658bdf8a0d947aa
-
SHA256
644d805bd61b93d2db687bf265ee7df01596117fc389bf545041898f16954873
-
SHA512
c2ce27e1a0cc803d50beae55fa153abbf9b169017993fcf5f74122d38123a3f6d6bb0ba5a4a0cee1cd64ec08b0fa2a7ab55086d673d993326497bf4d11887e45
-
SSDEEP
6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgU:25WOSACZSV6eKRH5EPiamb4DsDwwck
Behavioral task
behavioral1
Sample
na.elf
Resource
ubuntu2204-amd64-20250307-en
Malware Config
Targets
-
-
Target
na.elf
-
Prometei_elf family
-
Deletes itself
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies systemd
Adds/modifies systemd service files, likely to achieve persistence.
-
Write file to user bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
XDG Autostart Entries (1)
Create or Modify System Process (1)
Systemd Service (1)