stealthworker | dd7192e39a1b9bc7f81041b1af58775f649c9746ea3dca2ce2acdf4cf79a76e8 | Triage

Submit
Reports

Overview

overview

Static

static

dd7192e39a...9a76e8

ubuntu-18.04-amd64

9

Sharing

General

Target

dd7192e39a1b9bc7f81041b1af58775f649c9746ea3dca2ce2acdf4cf79a76e8
Size

8.2MB
Sample

220725-c6qcgsbch4
MD5

f06120e951ac7b534a04f8637ad65f82
SHA1

85a030f4f3ebcfd100fcb687737adf50ac23f066
SHA256

dd7192e39a1b9bc7f81041b1af58775f649c9746ea3dca2ce2acdf4cf79a76e8
SHA512

c3c41fef917f50e47900420cde9bf79c5f8872e9bece902f0e9e5dd5eede3adcb8b8abab8ceae614a176ec0df3fec5fa9c2fc0427d9175db7d14f2ab3be90676

Score

10^/10

stealthworker antivm botnet

Static task

static1

botnet stealthworker

2 signatures

Behavioral task

behavioral1

Sample

dd7192e39a1b9bc7f81041b1af58775f649c9746ea3dca2ce2acdf4cf79a76e8

Resource

ubuntu1804-amd64-en-20211208

ubuntu-18.04-amd64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  dd7192e39a1b9bc7f81041b1af58775f649c9746ea3dca2ce2acdf4cf79a76e8
- Size
  
  8.2MB
- MD5
  
  f06120e951ac7b534a04f8637ad65f82
- SHA1
  
  85a030f4f3ebcfd100fcb687737adf50ac23f066
- SHA256
  
  dd7192e39a1b9bc7f81041b1af58775f649c9746ea3dca2ce2acdf4cf79a76e8
- SHA512
  
  c3c41fef917f50e47900420cde9bf79c5f8872e9bece902f0e9e5dd5eede3adcb8b8abab8ceae614a176ec0df3fec5fa9c2fc0427d9175db7d14f2ab3be90676
Score

9^/10

antivm
- Attempts to identify hypervisor via CPU configuration
  Checks CPU information for indicators that the system is a virtual machine.
  antivm
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

botnetstealthworker

behavioral1

© 2018-2024

Terms | Privacy