prometei_elf | 39b329cc30ea7fbde38be76b66ce231ad3a786ba8e179e5f2ad39ee2c4c57f84 | Triage

Submit
Reports

Overview

overview

Static

static

5

na.elf

ubuntu-22.04-amd64

Sharing

General

Target

na.elf
Size

425KB
Sample

250331-slr9cavm14
MD5

19fa6012c308b1c018521fdcd452d055
SHA1

acd8922809e83407732ae26d21ea5e6609f59e88
SHA256

39b329cc30ea7fbde38be76b66ce231ad3a786ba8e179e5f2ad39ee2c4c57f84
SHA512

26830dc6b9e17962913ce99367bd0c59dda5635bd2eeaf040dcc8d278fe41187ffb53af78f8513a049ce438e01090ee2ba706da0825387c654e1c3b691f56cfa
SSDEEP

6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitga:25WOSACZSV6eKRH5EPiamb4DsDwwcq

Score

10^/10

prometei_elf botnet discovery linux miner persistence privilege_escalation upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

na.elf

Resource

ubuntu2204-amd64-20250307-en

prometei_elf botnet discovery miner persistence privilege_escalation upx

ubuntu-22.04-amd64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  na.elf
- Size
  
  425KB
- MD5
  
  19fa6012c308b1c018521fdcd452d055
- SHA1
  
  acd8922809e83407732ae26d21ea5e6609f59e88
- SHA256
  
  39b329cc30ea7fbde38be76b66ce231ad3a786ba8e179e5f2ad39ee2c4c57f84
- SHA512
  
  26830dc6b9e17962913ce99367bd0c59dda5635bd2eeaf040dcc8d278fe41187ffb53af78f8513a049ce438e01090ee2ba706da0825387c654e1c3b691f56cfa
- SSDEEP
  
  6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitga:25WOSACZSV6eKRH5EPiamb4DsDwwcq
Score

10^/10

prometei_elf botnet discovery miner persistence privilege_escalation upx
- Prometei
  Prometei is a multiplatform botnet used to mine cryptocurrency.
  botnet miner prometei_elf
- Prometei_elf family
  prometei_elf
- Deletes itself
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
- Write file to user bin folder
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

prometei_elfbotnetdiscoveryminerpersistenceprivilege_escalationupx

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.