prometei_elf | 3cf50281a875db06fe11f4436932d8719717f8e50a96e08f20877a2a64b9a183 | Triage

Sharing

General

Target

3cf50281a875db06fe11f4436932d8719717f8e50a96e08f20877a2a64b9a183.elf
Size

418KB
Sample

250227-c6ntnaspx4
MD5

c6b0ecfe3d92c90c908e1eadd62b9b93
SHA1

5e5072e921849c081d99b737c505c027e15f5403
SHA256

3cf50281a875db06fe11f4436932d8719717f8e50a96e08f20877a2a64b9a183
SHA512

8a3ac6aa16c75e8241c522df55ce3da7675f8e608ec48591a077ee24565c8675cc56d194687faab8c589af68c8456183a41bd4a4a49edb5ffd04a37708df6329
SSDEEP

12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeS+:W4/y+qaBUZJAdVt6

Score

10^/10

prometei_elf botnet discovery linux miner persistence privilege_escalation stealer upx

Malware Config

Targets

- Target
  
  3cf50281a875db06fe11f4436932d8719717f8e50a96e08f20877a2a64b9a183.elf
- Size
  
  418KB
- MD5
  
  c6b0ecfe3d92c90c908e1eadd62b9b93
- SHA1
  
  5e5072e921849c081d99b737c505c027e15f5403
- SHA256
  
  3cf50281a875db06fe11f4436932d8719717f8e50a96e08f20877a2a64b9a183
- SHA512
  
  8a3ac6aa16c75e8241c522df55ce3da7675f8e608ec48591a077ee24565c8675cc56d194687faab8c589af68c8456183a41bd4a4a49edb5ffd04a37708df6329
- SSDEEP
  
  12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeS+:W4/y+qaBUZJAdVt6
Score

10^/10

prometei_elf botnet discovery miner persistence privilege_escalation stealer upx
- Prometei
  Prometei is a multiplatform botnet used to mine cryptocurrency.
  botnet miner prometei_elf
- Prometei_elf family
  prometei_elf
- Deletes itself
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Reads EFI boot settings
  Reads EFI boot settings from the efivars filesystem, may contain security secrets or sensitive data.
  stealer
- Enumerates running processes
  Discovers information about currently running processes on the system
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
- Write file to user bin folder
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

prometei_elfbotnetdiscoveryminerpersistenceprivilege_escalationstealerupx