General
-
Target
na.elf
-
Size
425KB
-
Sample
250403-x6rkrsvpz7
-
MD5
58e6ac2cd11a839740a3dd1af8b51784
-
SHA1
1537e81fd244881ee4cc5edaaf872441dd56054c
-
SHA256
1f4de317f06406fa586b4d407163b97731e9b15e5fca7ddc14ce9920118138cc
-
SHA512
89eb9fb7b1fcebf03bc49fdd1c4d5d48423c30a344cf597e3302ca7f01232c4f96626dbd166c44fd77e70f1beb707add0b49b977da4fec3f9d2bdb29d7a4685c
-
SSDEEP
6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgf:25WOSACZSV6eKRH5EPiamb4DsDwwcP
Malware Config
Targets
-
-
Target
na.elf
-
Size
425KB
-
MD5
58e6ac2cd11a839740a3dd1af8b51784
-
SHA1
1537e81fd244881ee4cc5edaaf872441dd56054c
-
SHA256
1f4de317f06406fa586b4d407163b97731e9b15e5fca7ddc14ce9920118138cc
-
SHA512
89eb9fb7b1fcebf03bc49fdd1c4d5d48423c30a344cf597e3302ca7f01232c4f96626dbd166c44fd77e70f1beb707add0b49b977da4fec3f9d2bdb29d7a4685c
-
SSDEEP
6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgf:25WOSACZSV6eKRH5EPiamb4DsDwwcP
Score10/10-
Prometei
Prometei is a multiplatform botnet used to mine cryptocurrency.
-
Prometei_elf family
-
Deletes itself
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Write file to user bin folder
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1XDG Autostart Entries
1Create or Modify System Process
1Systemd Service
1