General
-
Target
na.elf
-
Size
425KB
-
Sample
250403-ypys7as1bv
-
MD5
da58a18309e461f4ccaa5ade237591d5
-
SHA1
323164cfc73581fee01b8303306344884446967c
-
SHA256
53f3c38b283a6a9497dba3733a2c9721d5678b04d36dd8a47e2dc2b9c0001739
-
SHA512
7205ba30db46be906437e88fcbeaf4ecc6facb398800c603b7e8686c8607c0d25ae1fa2257bd81e48ccaa3a4f86bcefef2aa7bf347d602d31bd64c2445fcdfd7
-
SSDEEP
6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitg0:25WOSACZSV6eKRH5EPiamb4DsDwwck
Malware Config
Targets
-
-
Target
na.elf
-
Size
425KB
-
MD5
da58a18309e461f4ccaa5ade237591d5
-
SHA1
323164cfc73581fee01b8303306344884446967c
-
SHA256
53f3c38b283a6a9497dba3733a2c9721d5678b04d36dd8a47e2dc2b9c0001739
-
SHA512
7205ba30db46be906437e88fcbeaf4ecc6facb398800c603b7e8686c8607c0d25ae1fa2257bd81e48ccaa3a4f86bcefef2aa7bf347d602d31bd64c2445fcdfd7
-
SSDEEP
6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitg0:25WOSACZSV6eKRH5EPiamb4DsDwwck
Score10/10-
Prometei
Prometei is a multiplatform botnet used to mine cryptocurrency.
-
Prometei_elf family
-
Deletes itself
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Write file to user bin folder
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1XDG Autostart Entries
1Create or Modify System Process
1Systemd Service
1