General

  • Target

    106db86e650ecabf95158ff04e0cb22e89682d792e31490e33828a74cff53104

  • Size

    8.2MB

  • Sample

    220701-gb6s7sgad5

  • MD5

    af7bee72c11cf18c92b171ff8494c652

  • SHA1

    e3316f59eb7de8a140b09a7a49d14e8a7ebfe0ac

  • SHA256

    106db86e650ecabf95158ff04e0cb22e89682d792e31490e33828a74cff53104

  • SHA512

    0f5c50f643c801186a71df6ff4114e666476c996f6211cd7f992e6116a1df8671d08c103468f5311b5be343f7ee8475b63ed0606d779b8413ff9ae2801c620a6

Malware Config

Targets

    • Target

      106db86e650ecabf95158ff04e0cb22e89682d792e31490e33828a74cff53104

    • Size

      8.2MB

    • MD5

      af7bee72c11cf18c92b171ff8494c652

    • SHA1

      e3316f59eb7de8a140b09a7a49d14e8a7ebfe0ac

    • SHA256

      106db86e650ecabf95158ff04e0cb22e89682d792e31490e33828a74cff53104

    • SHA512

      0f5c50f643c801186a71df6ff4114e666476c996f6211cd7f992e6116a1df8671d08c103468f5311b5be343f7ee8475b63ed0606d779b8413ff9ae2801c620a6

    Score
    9/10
    • Attempts to identify hypervisor via CPU configuration

      Checks CPU information for indicators that the system is a virtual machine.

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Writes DNS configuration

      Writes data to DNS resolver config file.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Virtualization/Sandbox Evasion (T1497), 1 technique

  • Discovery

    Virtualization/Sandbox Evasion (T1497), 1 technique

  • Command and Control

    Dynamic Resolution (T1568), 1 technique

Tasks