General
Target: 5b0b9aed0b0ab715fde2c3c1e7845cf48cda5d458df7d63c9f41bd896b96de9f
Size: 2.3MB
Sample: 220503-freh8abae2
MD5: d0942bd2a774b194c94d7a5c6bee836a
SHA1: 931b4643e2d42bf12256652922f954d20c82e3dd
SHA256: 5b0b9aed0b0ab715fde2c3c1e7845cf48cda5d458df7d63c9f41bd896b96de9f
SHA512: 3369c708a540140a822adab73de75299c9a79fca339838b0cdc70d049f4aa0594ed59c135d3fb5ca7ef0af6031880d39c9fced099de27dd7de4c97578b76a678
Static task: static1
Behavioral task: behavioral1
Sample: 5b0b9aed0b0ab715fde2c3c1e7845cf48cda5d458df7d63c9f41bd896b96de9f
Resource: ubuntu1804-amd64-en-20211208
Malware Config
Targets
Target: 5b0b9aed0b0ab715fde2c3c1e7845cf48cda5d458df7d63c9f41bd896b96de9f
Score: 10/10
suricata: ET MALWARE GoBrut/StealthWorker Requesting Brute Force List (flowbit set)

suricata: ET MALWARE GoBrut/StealthWorker Service Bruter CnC Activity

suricata: ET MALWARE GoBrut/StealthWorker Service Bruter CnC Checkin

Attempts to identify hypervisor via CPU configuration
Checks CPU information for indicators that the system is a virtual machine.

Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.

Writes DNS configuration
Writes data to DNS resolver config file.

Reads runtime system information
Reads data from /proc virtual filesystem.

Writes file to tmp directory
Malware often drops required files in the /tmp directory.