prometei_elf | 51836e37c1c67af61689113b64ca9fb15e623dd51536a061f04ccfda95c4825d | Triage

Sharing

General

Target

na.elf
Size

425KB
Sample

250331-slr9cavm15
MD5

e88af6e0cc8cc525a7dcdb2b39cf3d65
SHA1

625a2be1fe73fa3a91045b9f009b9f92dd4070ef
SHA256

51836e37c1c67af61689113b64ca9fb15e623dd51536a061f04ccfda95c4825d
SHA512

a74795693f8ae4e5739808a1ee23aca92586f12b58247ee44d566ceaeb44c36d6e4e1d1389364c55f64a71116c636b17720db51ec6eb00c5f67d2a7264335615
SSDEEP

6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgn:25WOSACZSV6eKRH5EPiamb4DsDwwc3

Score

10^/10

prometei_elf botnet discovery linux miner persistence privilege_escalation upx

Malware Config

Targets

- Target
  
  na.elf
- Size
  
  425KB
- MD5
  
  e88af6e0cc8cc525a7dcdb2b39cf3d65
- SHA1
  
  625a2be1fe73fa3a91045b9f009b9f92dd4070ef
- SHA256
  
  51836e37c1c67af61689113b64ca9fb15e623dd51536a061f04ccfda95c4825d
- SHA512
  
  a74795693f8ae4e5739808a1ee23aca92586f12b58247ee44d566ceaeb44c36d6e4e1d1389364c55f64a71116c636b17720db51ec6eb00c5f67d2a7264335615
- SSDEEP
  
  6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgn:25WOSACZSV6eKRH5EPiamb4DsDwwc3
Score

10^/10

prometei_elf botnet discovery miner persistence privilege_escalation upx
- Prometei
  Prometei is a multiplatform botnet used to mine cryptocurrency.
  botnet miner prometei_elf
- Prometei_elf family
  prometei_elf
- Deletes itself
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
- Write file to user bin folder
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

prometei_elfbotnetdiscoveryminerpersistenceprivilege_escalationupx