This analysis examines the Prometei botnet's infiltration of a customer's system through a targeted brute force attack. Leveraging Trend Vision One, the investigation traced the botnet's detailed installation routine and stealthy tactics. Prometei, a modular malware family used for cryptocurrency mining and credential theft, spreads by exploiting vulnerabilities and using PowerShell scripts. The botnet downloads compressed archives containing various components to maintain control over infected devices. Key findings include the use of a domain generation algorithm for command and control, deployment of web shells, and connections to the Tor network. The threat actors behind Prometei are likely Russian-speaking individuals, as evidenced by language settings and targeting behaviors.