stealthworker | 18a4352b2101b4fa81652d5fce34b08ed7def8bd40e413cebf991ede97692a02 | Triage

Submit
Reports

Overview

overview

Static

static

Mips.elf

debian-9-mips

Sharing

General

Target

Mips.elf
Size

1.9MB
Sample

221004-1h7hvscfd6
MD5

ae5592bdb0464f06c88f665282991b82
SHA1

be5bf9dfec7fae911666060f584b4ffd0b04185f
SHA256

18a4352b2101b4fa81652d5fce34b08ed7def8bd40e413cebf991ede97692a02
SHA512

4c57878362b342a0928c8ddcb3fccff79be1ee0164e4f16c2d5169d14ea8ce322ac37693f965e8584fa950d733b70fe3d084cce4cf3675d62104482404b870a0
SSDEEP

49152:Um7vtBcWDjchCCpjy3WT/N7SExRtmbj2mEE5MBn:U67cWDoggmrExRtmbHEE2Bn

Score

10^/10

stealthworker antivm botnet

Static task

static1

Behavioral task

behavioral1

Sample

Mips.elf

Resource

debian9-mipsbe-en-20211208

stealthworker antivm botnet

debian-9-mips

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  Mips.elf
- Size
  
  1.9MB
- MD5
  
  ae5592bdb0464f06c88f665282991b82
- SHA1
  
  be5bf9dfec7fae911666060f584b4ffd0b04185f
- SHA256
  
  18a4352b2101b4fa81652d5fce34b08ed7def8bd40e413cebf991ede97692a02
- SHA512
  
  4c57878362b342a0928c8ddcb3fccff79be1ee0164e4f16c2d5169d14ea8ce322ac37693f965e8584fa950d733b70fe3d084cce4cf3675d62104482404b870a0
- SSDEEP
  
  49152:Um7vtBcWDjchCCpjy3WT/N7SExRtmbj2mEE5MBn:U67cWDoggmrExRtmbHEE2Bn
Score

10^/10

stealthworker antivm botnet
- StealthWorker
  StealthWorker is golang-based brute force malware.
  botnet stealthworker
- Attempts to identify hypervisor via CPU configuration
  Checks CPU information for indicators that the system is a virtual machine.
  antivm
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Dynamic Resolution

Impact

Tasks

static1

behavioral1

stealthworkerantivmbotnet

© 2018-2024

Terms | Privacy