General

  • Target

    5b0b9aed0b0ab715fde2c3c1e7845cf48cda5d458df7d63c9f41bd896b96de9f

  • Size

    2.3MB

  • Sample

    220503-freh8abae2

  • MD5

    d0942bd2a774b194c94d7a5c6bee836a

  • SHA1

    931b4643e2d42bf12256652922f954d20c82e3dd

  • SHA256

    5b0b9aed0b0ab715fde2c3c1e7845cf48cda5d458df7d63c9f41bd896b96de9f

  • SHA512

    3369c708a540140a822adab73de75299c9a79fca339838b0cdc70d049f4aa0594ed59c135d3fb5ca7ef0af6031880d39c9fced099de27dd7de4c97578b76a678

Malware Config

Targets

    • StealthWorker

      StealthWorker is Go-based brute-force malware.

    • suricata: ET MALWARE GoBrut/StealthWorker Requesting Brute Force List (flowbit set)

    • suricata: ET MALWARE GoBrut/StealthWorker Service Bruter CnC Activity

    • suricata: ET MALWARE GoBrut/StealthWorker Service Bruter CnC Checkin

    • Attempts to identify hypervisor via CPU configuration

      Checks CPU information for indicators that the system is a virtual machine.

    • Modifies hosts file

      Adds entries to the hosts file, which maps hostnames to IP addresses.

    • Writes DNS configuration

      Writes data to the DNS resolver configuration file.

    • Reads runtime system information

      Reads data from the /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Virtualization/Sandbox Evasion (1): T1497

  • Discovery

    Virtualization/Sandbox Evasion (1): T1497

  • Command and Control

    Dynamic Resolution (1): T1568

Tasks