prometei_elf | fd7140e4cbaa38bc0bca315eac9bfe2cfbe33f629961862b4c21d88e478a14b6 | Triage

Sharing

General

Target

fd7140e4cbaa38bc0bca315eac9bfe2cfbe33f629961862b4c21d88e478a14b6.elf
Size

418KB
Sample

250218-ec4n5axjfp
MD5

311b7bae7f13aa9b4d2b70c4fe84f2bd
SHA1

9be00b05f6dacd5fe63347e4981b0ba01b96b8c1
SHA256

fd7140e4cbaa38bc0bca315eac9bfe2cfbe33f629961862b4c21d88e478a14b6
SHA512

8105a829cf596c4aa6f6447fc43572ee7d9f1eaae30331c69df2fe538d405e19148bc88b870084e1370d17ce25f7c1fa8845a132bd3bbc967a9eec4e2b27259d
SSDEEP

12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSd:W4/y+qaBUZJAdVtZ

Score

10^/10

prometei_elf botnet discovery linux miner persistence privilege_escalation stealer upx

Malware Config

Targets

- Target
  
  fd7140e4cbaa38bc0bca315eac9bfe2cfbe33f629961862b4c21d88e478a14b6.elf
- Size
  
  418KB
- MD5
  
  311b7bae7f13aa9b4d2b70c4fe84f2bd
- SHA1
  
  9be00b05f6dacd5fe63347e4981b0ba01b96b8c1
- SHA256
  
  fd7140e4cbaa38bc0bca315eac9bfe2cfbe33f629961862b4c21d88e478a14b6
- SHA512
  
  8105a829cf596c4aa6f6447fc43572ee7d9f1eaae30331c69df2fe538d405e19148bc88b870084e1370d17ce25f7c1fa8845a132bd3bbc967a9eec4e2b27259d
- SSDEEP
  
  12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSd:W4/y+qaBUZJAdVtZ
Score

10^/10

prometei_elf botnet discovery miner persistence privilege_escalation stealer upx
- Prometei
  Prometei is a multiplatform botnet used to mine cryptocurrency.
  botnet miner prometei_elf
- Prometei_elf family
  prometei_elf
- Deletes itself
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Reads EFI boot settings
  Reads EFI boot settings from the efivars filesystem, may contain security secrets or sensitive data.
  stealer
- Enumerates running processes
  Discovers information about currently running processes on the system
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
- Write file to user bin folder
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

prometei_elfbotnetdiscoveryminerpersistenceprivilege_escalationstealerupx