General
-
Target
na.elf
-
Size
425KB
-
Sample
250403-zbzn1attdt
-
MD5
c614239b0cc16ff65f7f46b4c01a75eb
-
SHA1
00d0a3daf86c69a20db778f5200fa73331815251
-
SHA256
52c5fcd93d3a046044886ba02cfcfb39f9770dd6f7a3985c09b10841a2dafe3c
-
SHA512
cdb08e7a96fc315b42218c03355ff0e487851003219739bac1918d997621bd5c75393d42291d5086357947c82e854790772a1f53a114b9af208cf984ac5fbd30
-
SSDEEP
6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgP:25WOSACZSV6eKRH5EPiamb4DsDwwc/
Behavioral task
behavioral1
Sample
na.elf
Resource
ubuntu2404-amd64-20250307-en
Malware Config
Targets
-
Target
na.elf
-
Prometei_elf family
-
Deletes itself
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Modifies systemd
Adds/modifies systemd service files, likely to achieve persistence.
-
Write file to user bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
XDG Autostart Entries: 1
Create or Modify System Process: 1
Systemd Service: 1