General
Target: nhsf
Size: 2.3MB
Sample: 211022-meef1scdaj
MD5: 1ef3c964125121175c514bd14b353e33
SHA1: 1b7e569494c7b59403c6d508fed7d772db9bea5e
SHA256: 29b06a732723c164b33cc8203328cfb6b6f0f3d65310177dfde0e463091072d5
SHA512: 6aa3f04909d1aca8c108b77b3cbb1f1ddc951c850740bd873c9b9a9d62ae3aa0262f7a3f29ca1a345c6dc2fff0c43083814a343ceb92721cc7f584a5e76da1c5
Static task: static1
Behavioral task: behavioral1
Sample: nhsf
Resource: ubuntu-amd64
Malware Config
Targets
Score: 10/10
-
suricata: ET MALWARE GoBrut/StealthWorker Requesting Brute Force List (flowbit set)
-
suricata: ET MALWARE GoBrut/StealthWorker Service Bruter CnC Activity
-
suricata: ET MALWARE GoBrut/StealthWorker Service Bruter CnC Checkin
-
Attempts to identify hypervisor via CPU configuration
Checks CPU information for indicators that the system is a virtual machine.
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-