General
-
Target
na.elf
-
Size
425KB
-
Sample
250404-aeds9swyet
-
MD5
a7a719c9455350f4ba984f1249406816
-
SHA1
588a4adff1fb04c6892aa68805fd5ae22e0e082a
-
SHA256
1c01a2c6f3be98e5c90260d4fb8b24260bb00b58813741b71cd81b1050d46327
-
SHA512
77e31582219f181c79a4a46859867f7c11c96dcc3955306396a5c9373ba491ab55c1cf1ac3c07e6e8b729144d854e9615b3736a1ee98ae59a92b1303e2df8538
-
SSDEEP
6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgF:25WOSACZSV6eKRH5EPiamb4DsDwwc1
Behavioral task
behavioral1
Sample
na.elf
Resource
ubuntu2404-amd64-20250307-en
Malware Config
Targets
-
Target
na.elf
-
Prometei_elf family
-
Deletes itself
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Modifies systemd
Adds/modifies systemd service files, likely to achieve persistence.
-
Write file to user bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution 1
XDG Autostart Entries 1
Create or Modify System Process 1
Systemd Service 1