General
-
Target
na.elf
-
Size
425KB
-
Sample
250404-d6h4va1px5
-
MD5
a47712d5e98d5a57c942fee3378458e0
-
SHA1
81934957e7965e7322feaf57bec2a808daf6f941
-
SHA256
47aa54ded25dc9610f1511dc081a8feef48692c8a71cf585d3a26b0cb047c020
-
SHA512
1dfcaadcda183db8498db775645fa169f0d70a5cd51058cfb6bf3722d74f6fb44cf47cd3d232baf8f8d86ff795dbb6d85ecf78adba92b8f6505a3aacfe08b40f
-
SSDEEP
6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgn:25WOSACZSV6eKRH5EPiamb4DsDwwc3
Behavioral task
behavioral1
Sample
na.elf
Resource
ubuntu2004-amd64-20241127-en
Malware Config
Targets
-
-
Target
na.elf
-
Prometei_elf family
-
Deletes itself
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Reads EFI boot settings
Reads EFI boot settings from the efivars filesystem, which may contain security secrets or sensitive data.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Modifies systemd
Adds/modifies systemd service files, likely to achieve persistence.
-
Write file to user bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
XDG Autostart Entries: 1
Create or Modify System Process: 1
Systemd Service: 1
Pre-OS Boot: 1
Bootkit: 1