General
- Target: na.elf
- Size: 425KB
- Sample: 250403-z5sgsawrx9
- MD5: 84c46f0bb4ac98fe32245989300d2327
- SHA1: 5943ae77e0c6d1e389db929fd3412baf9c2fd474
- SHA256: a42d53bc7de5cfebce2878c4dd636a37943289883688f57365b539941d6825fe
- SHA512: ae24e44c974511afd3426f9fd12d7e187234e79b2893306a9ff77d1fe5c5b342ad0583f28cb73cfa59b58fa09a37dcca21c6472dc1578cf094e7cce74f5b2601
- SSDEEP: 6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgz:25WOSACZSV6eKRH5EPiamb4DsDwwcD
Behavioral task: behavioral1
- Sample: na.elf
- Resource: ubuntu2204-amd64-20250307-en
Malware Config
Targets
- Target: na.elf
- Prometei_elf family
- Deletes itself
- Modifies hosts file: Adds to hosts file used for mapping hosts to IP addresses.
- Enumerates running processes: Discovers information about currently running processes on the system.
- Modifies systemd: Adds/modifies systemd service files. Likely to achieve persistence.
- Write file to user bin folder
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 1
- XDG Autostart Entries: 1
- Create or Modify System Process: 1
- Systemd Service: 1