prometei_elf | 1241e414ad28fc05ca54d7c6db017b6e0bceb88f46965a2906297ff5cc8e8590 | Triage

Sharing

General

Target

na.elf
Size

425KB
Sample

250404-hkdpfs1zex
MD5

34264154aadb1ccce912a74721e1cf80
SHA1

e8fe0246b3a018721968b9afa271f08791f2bd3a
SHA256

1241e414ad28fc05ca54d7c6db017b6e0bceb88f46965a2906297ff5cc8e8590
SHA512

2539ed365c6f73724600ad63ddbe0214389588df4d2446bfeabe3ee4ab23f01e023ff82f233bcc89f4a40cb9a8e8ac1d7fa3f5c3d6209515e530d2d1f12d888d
SSDEEP

6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgM:25WOSACZSV6eKRH5EPiamb4DsDwwcc

Score

10^/10

prometei_elf botnet discovery linux miner persistence privilege_escalation upx

Malware Config

Targets

- Target
  
  na.elf
- Size
  
  425KB
- MD5
  
  34264154aadb1ccce912a74721e1cf80
- SHA1
  
  e8fe0246b3a018721968b9afa271f08791f2bd3a
- SHA256
  
  1241e414ad28fc05ca54d7c6db017b6e0bceb88f46965a2906297ff5cc8e8590
- SHA512
  
  2539ed365c6f73724600ad63ddbe0214389588df4d2446bfeabe3ee4ab23f01e023ff82f233bcc89f4a40cb9a8e8ac1d7fa3f5c3d6209515e530d2d1f12d888d
- SSDEEP
  
  6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgM:25WOSACZSV6eKRH5EPiamb4DsDwwcc
Score

10^/10

prometei_elf botnet discovery miner persistence privilege_escalation upx
- Prometei
  Prometei is a multiplatform botnet used to mine cryptocurrency.
  botnet miner prometei_elf
- Prometei_elf family
  prometei_elf
- Deletes itself
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
- Write file to user bin folder
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

prometei_elfbotnetdiscoveryminerpersistenceprivilege_escalationupx