prometei_elf | dffc66dbd75b6d3b6c2127335565668aa4f04cc318e123a47ac33d15ae05f99e | Triage

Sharing

General

Target

na.elf
Size

425KB
Sample

250404-bkj3xaxvc1
MD5

64e1e721aeb771de9f464c6fc95a8bcc
SHA1

bf881f494df684b0444c2cc1fe220ace297b5eb7
SHA256

dffc66dbd75b6d3b6c2127335565668aa4f04cc318e123a47ac33d15ae05f99e
SHA512

0bb201f8192b9c2570ca19b6433a4b3d731ced5552813038752846ecb7a2513353b27d35d8cdd1865bf1c15aad30ef9fe71642810ac0bc64066470f0ad25e739
SSDEEP

6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgu:25WOSACZSV6eKRH5EPiamb4DsDwwc+

Score

10^/10

prometei_elf botnet discovery linux miner persistence privilege_escalation upx

Malware Config

Targets

- Target
  
  na.elf
- Size
  
  425KB
- MD5
  
  64e1e721aeb771de9f464c6fc95a8bcc
- SHA1
  
  bf881f494df684b0444c2cc1fe220ace297b5eb7
- SHA256
  
  dffc66dbd75b6d3b6c2127335565668aa4f04cc318e123a47ac33d15ae05f99e
- SHA512
  
  0bb201f8192b9c2570ca19b6433a4b3d731ced5552813038752846ecb7a2513353b27d35d8cdd1865bf1c15aad30ef9fe71642810ac0bc64066470f0ad25e739
- SSDEEP
  
  6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgu:25WOSACZSV6eKRH5EPiamb4DsDwwc+
Score

10^/10

prometei_elf botnet discovery miner persistence privilege_escalation upx
- Prometei
  Prometei is a multiplatform botnet used to mine cryptocurrency.
  botnet miner prometei_elf
- Prometei_elf family
  prometei_elf
- Deletes itself
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
- Write file to user bin folder
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

prometei_elfbotnetdiscoveryminerpersistenceprivilege_escalationupx