prometei_elf | 183866d7f355acfe5d13f22cf7b73a920449756fde7a07dbb9d100ebbb5942e3 | Triage

Submit
Reports

Overview

overview

Static

static

5

na.elf

ubuntu-22.04-amd64

Sharing

General

Target

na.elf
Size

425KB
Sample

250404-fpq48ssp16
MD5

658a8c899015e6703a710ea2ab90e2b9
SHA1

3bf71a292fda8aa9199981f68cddeaae4e4edeea
SHA256

183866d7f355acfe5d13f22cf7b73a920449756fde7a07dbb9d100ebbb5942e3
SHA512

be00b53241d6f2ebbb6d00e666a77992e522712b210729182263e89235343bb0b0256601f377e55f778559adaf69cf46e8cc1e452c72a6c8a1a5d3af0e05c1ae
SSDEEP

6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgj:25WOSACZSV6eKRH5EPiamb4DsDwwcz

Score

10^/10

prometei_elf botnet discovery linux miner persistence privilege_escalation upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

na.elf

Resource

ubuntu2204-amd64-20250307-en

prometei_elf botnet discovery miner persistence privilege_escalation upx

ubuntu-22.04-amd64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  na.elf
- Size
  
  425KB
- MD5
  
  658a8c899015e6703a710ea2ab90e2b9
- SHA1
  
  3bf71a292fda8aa9199981f68cddeaae4e4edeea
- SHA256
  
  183866d7f355acfe5d13f22cf7b73a920449756fde7a07dbb9d100ebbb5942e3
- SHA512
  
  be00b53241d6f2ebbb6d00e666a77992e522712b210729182263e89235343bb0b0256601f377e55f778559adaf69cf46e8cc1e452c72a6c8a1a5d3af0e05c1ae
- SSDEEP
  
  6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgj:25WOSACZSV6eKRH5EPiamb4DsDwwcz
Score

10^/10

prometei_elf botnet discovery miner persistence privilege_escalation upx
- Prometei
  Prometei is a multiplatform botnet used to mine cryptocurrency.
  botnet miner prometei_elf
- Prometei_elf family
  prometei_elf
- Deletes itself
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
- Write file to user bin folder
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

prometei_elfbotnetdiscoveryminerpersistenceprivilege_escalationupx

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.