General
-
Target
426f407414fb07db97da4d88630bf7a5be3ada280b39d5eff11cb727b772e1eb
-
Size
2.7MB
-
Sample
220503-freh8abae3
-
MD5
3e9b6a7bcddd52ff509f775876146464
-
SHA1
d57de50674cb4d1463a3c55297a8b61f2389e637
-
SHA256
426f407414fb07db97da4d88630bf7a5be3ada280b39d5eff11cb727b772e1eb
-
SHA512
d6fb76725c0e3aadb9161c9dcea4dc755b988c6341d4e4f5c8c6d47131527b362498c202ff307778f1e140b73e4aee7abc34a1966aa4006dce5c469288400b3d
Malware Config
Targets
-
-
Target
426f407414fb07db97da4d88630bf7a5be3ada280b39d5eff11cb727b772e1eb
-
Size
2.7MB
-
MD5
3e9b6a7bcddd52ff509f775876146464
-
SHA1
d57de50674cb4d1463a3c55297a8b61f2389e637
-
SHA256
426f407414fb07db97da4d88630bf7a5be3ada280b39d5eff11cb727b772e1eb
-
SHA512
d6fb76725c0e3aadb9161c9dcea4dc755b988c6341d4e4f5c8c6d47131527b362498c202ff307778f1e140b73e4aee7abc34a1966aa4006dce5c469288400b3d
Score10/10-
StealthWorker
StealthWorker is golang-based brute force malware.
-
suricata: ET MALWARE GoBrut/StealthWorker Requesting Brute Force List (flowbit set)
suricata: ET MALWARE GoBrut/StealthWorker Requesting Brute Force List (flowbit set)
-
suricata: ET MALWARE GoBrut/StealthWorker Service Bruter CnC Activity
suricata: ET MALWARE GoBrut/StealthWorker Service Bruter CnC Activity
-
suricata: ET MALWARE GoBrut/StealthWorker Service Bruter CnC Checkin
suricata: ET MALWARE GoBrut/StealthWorker Service Bruter CnC Checkin
-
Attempts to identify hypervisor via CPU configuration
Checks CPU information for indicators that the system is a virtual machine.
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-