prometei_elf | 146c87ebb4fe1c73d421d580c909ad6cd7eb7011c656e67fe24f8263e9cfcba8 | Triage

Sharing

General

Target

na.elf
Size

425KB
Sample

250404-cxgnzszr14
MD5

52b5b3ef2e2b5aa653f7155f12787418
SHA1

2084ded5d2536774461f703df605e6725ccee83c
SHA256

146c87ebb4fe1c73d421d580c909ad6cd7eb7011c656e67fe24f8263e9cfcba8
SHA512

d66967c50fa63e9d5e073339cc8d68a70e42a338358c444c410183fb2cf4f23a07dc613e2a3251278eae7889edd37bc25e67f41631c3672cc38a1f30e8a73ab1
SSDEEP

6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitg1:25WOSACZSV6eKRH5EPiamb4DsDwwcl

Score

10^/10

prometei_elf botnet discovery linux miner persistence privilege_escalation upx

Malware Config

Targets

- Target
  
  na.elf
- Size
  
  425KB
- MD5
  
  52b5b3ef2e2b5aa653f7155f12787418
- SHA1
  
  2084ded5d2536774461f703df605e6725ccee83c
- SHA256
  
  146c87ebb4fe1c73d421d580c909ad6cd7eb7011c656e67fe24f8263e9cfcba8
- SHA512
  
  d66967c50fa63e9d5e073339cc8d68a70e42a338358c444c410183fb2cf4f23a07dc613e2a3251278eae7889edd37bc25e67f41631c3672cc38a1f30e8a73ab1
- SSDEEP
  
  6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitg1:25WOSACZSV6eKRH5EPiamb4DsDwwcl
Score

10^/10

prometei_elf botnet discovery miner persistence privilege_escalation upx
- Prometei
  Prometei is a multiplatform botnet used to mine cryptocurrency.
  botnet miner prometei_elf
- Prometei_elf family
  prometei_elf
- Deletes itself
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
- Write file to user bin folder
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

prometei_elfbotnetdiscoveryminerpersistenceprivilege_escalationupx