prometei_elf | d58a3e41df025b7cffcdb2d506a461d2dd017852edaf346ccb061092d2b85caa | Triage

Sharing

General

Target

na.elf
Size

425KB
Sample

250404-cj2r1azqz6
MD5

fdacb5c0b076523cda43e97101d775ca
SHA1

7cf1724597a99a1081fa250073c780ff827a2216
SHA256

d58a3e41df025b7cffcdb2d506a461d2dd017852edaf346ccb061092d2b85caa
SHA512

8dc803b1982394133dc9052398b1e324c98377885ab4ff37401ccee2013cfee40808f6cdee544d5eab0f77168d17883ea089339cb4efb91d537eef3ab91f0389
SSDEEP

6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitg5:25WOSACZSV6eKRH5EPiamb4DsDwwcp

Score

10^/10

prometei_elf botnet discovery linux miner persistence privilege_escalation stealer upx

Malware Config

Targets

- Target
  
  na.elf
- Size
  
  425KB
- MD5
  
  fdacb5c0b076523cda43e97101d775ca
- SHA1
  
  7cf1724597a99a1081fa250073c780ff827a2216
- SHA256
  
  d58a3e41df025b7cffcdb2d506a461d2dd017852edaf346ccb061092d2b85caa
- SHA512
  
  8dc803b1982394133dc9052398b1e324c98377885ab4ff37401ccee2013cfee40808f6cdee544d5eab0f77168d17883ea089339cb4efb91d537eef3ab91f0389
- SSDEEP
  
  6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitg5:25WOSACZSV6eKRH5EPiamb4DsDwwcp
Score

10^/10

prometei_elf botnet discovery miner persistence privilege_escalation stealer upx
- Prometei
  Prometei is a multiplatform botnet used to mine cryptocurrency.
  botnet miner prometei_elf
- Prometei_elf family
  prometei_elf
- Deletes itself
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Reads EFI boot settings
  Reads EFI boot settings from the efivars filesystem, may contain security secrets or sensitive data.
  stealer
- Enumerates running processes
  Discovers information about currently running processes on the system
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
- Write file to user bin folder
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

prometei_elfbotnetdiscoveryminerpersistenceprivilege_escalationstealerupx