prometei_elf | 0ec525f0511dfb6f9a9389e6beadc1bdfbea8b814a073d729aafe18b69f219cd | Triage

Sharing

General

Target

na.elf
Size

425KB
Sample

250404-ag827ayqs8
MD5

9d4414ee6a811fe4ba0853a3b1907601
SHA1

43273bea479bbbdd00bea41a8b5ec1593798cfac
SHA256

0ec525f0511dfb6f9a9389e6beadc1bdfbea8b814a073d729aafe18b69f219cd
SHA512

b73da12d077c4516942e74b4f237d3293c7d46baae56bbc72d65342c3dd76a485ad1e95875fbc0d9cd9318e8e72f6e710f2d746b2116caccfbf2253348838066
SSDEEP

6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgh:25WOSACZSV6eKRH5EPiamb4DsDwwcx

Score

10^/10

prometei_elf botnet discovery linux miner persistence privilege_escalation upx

Malware Config

Targets

- Target
  
  na.elf
- Size
  
  425KB
- MD5
  
  9d4414ee6a811fe4ba0853a3b1907601
- SHA1
  
  43273bea479bbbdd00bea41a8b5ec1593798cfac
- SHA256
  
  0ec525f0511dfb6f9a9389e6beadc1bdfbea8b814a073d729aafe18b69f219cd
- SHA512
  
  b73da12d077c4516942e74b4f237d3293c7d46baae56bbc72d65342c3dd76a485ad1e95875fbc0d9cd9318e8e72f6e710f2d746b2116caccfbf2253348838066
- SSDEEP
  
  6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgh:25WOSACZSV6eKRH5EPiamb4DsDwwcx
Score

10^/10

prometei_elf botnet discovery miner persistence privilege_escalation upx
- Prometei
  Prometei is a multiplatform botnet used to mine cryptocurrency.
  botnet miner prometei_elf
- Prometei_elf family
  prometei_elf
- Deletes itself
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
- Write file to user bin folder
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

prometei_elfbotnetdiscoveryminerpersistenceprivilege_escalationupx