prometei_elf | 8dac5df6e0ffecef37e746c8e8b7ab8e6d622df199897737f43f75ffa2fd9a02 | Triage

Sharing

General

Target

na.elf
Size

418KB
Sample

250218-g2l7gsxqes
MD5

376ee7eb042f326fa40f32e28c59b27d
SHA1

839efc24183ad9c36fd77638062183188ab620b0
SHA256

8dac5df6e0ffecef37e746c8e8b7ab8e6d622df199897737f43f75ffa2fd9a02
SHA512

d0caca5d081a880ad0ec7ef23b008b4ba48cbc46654c7c43d3537f891b0b1edb18f87b9042e3fc2ff9efd3d8d577477df573e0fc28a16ce7d09450275eb45f29
SSDEEP

12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSZ:W4/y+qaBUZJAdVtF

Score

10^/10

prometei_elf botnet discovery linux miner persistence privilege_escalation upx

Malware Config

Targets

- Target
  
  na.elf
- Size
  
  418KB
- MD5
  
  376ee7eb042f326fa40f32e28c59b27d
- SHA1
  
  839efc24183ad9c36fd77638062183188ab620b0
- SHA256
  
  8dac5df6e0ffecef37e746c8e8b7ab8e6d622df199897737f43f75ffa2fd9a02
- SHA512
  
  d0caca5d081a880ad0ec7ef23b008b4ba48cbc46654c7c43d3537f891b0b1edb18f87b9042e3fc2ff9efd3d8d577477df573e0fc28a16ce7d09450275eb45f29
- SSDEEP
  
  12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSZ:W4/y+qaBUZJAdVtF
Score

10^/10

prometei_elf botnet discovery miner persistence privilege_escalation upx
- Prometei
  Prometei is a multiplatform botnet used to mine cryptocurrency.
  botnet miner prometei_elf
- Prometei_elf family
  prometei_elf
- Deletes itself
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
- Write file to user bin folder
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

prometei_elfbotnetdiscoveryminerpersistenceprivilege_escalationupx