General

  • Target

    18a4352b2101b4fa81652d5fce34b08ed7def8bd40e413cebf991ede97692a02.zip

  • Size

    1.9MB

  • Sample

    221012-tg8k7saeh6

  • MD5

    82a12966ce4fa5990828c528d25871db

  • SHA1

    30c8c9325fcca1d3cd701c9094256d7f6087b366

  • SHA256

    4cd12fce3d2b359f22d6ff7531db3e23ab1ae7c257549b9bd5a049f405feb726

  • SHA512

    cf9b400c677e91baf78b186e353374cc13db3f3a4de0100de4a7df2f5b5c7544f4a7d0b1c79e3495c15bb1eb970387fb6d2739f328ec176bb5c28bf80da397e3

  • SSDEEP

    49152:Cemb7RHvm1ErcAGz4MWscR/BFnGBXHGXm6bSBZ:CemN8ER0JHGXm/BZ
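Two of the values above are worth checking against each other rather than reading in isolation: the archive's own SHA256 (4cd12fce...) differs from the name it was uploaded under (18a4352b...zip), and that name is the SHA256 of the ELF inside it (see the inner target below). The following is an added example, not part of the sandbox report or of the sample itself, that reproduces the report's exact-hash fields for an archive and its members and checks that each member is named by its own SHA-256. It runs offline on a constructed zip containing a fake ELF header; `build_sample_archive` and the expected-hash dictionary are illustrative, and SSDEEP is left out because it is a fuzzy hash that needs the third-party `ssdeep` module.

```python
import hashlib
import io
import zipfile
from typing import Optional

# Exact-hash algorithms listed in the report; ssdeep (fuzzy) is omitted because
# it is not in the standard library and is not compared for equality anyway.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Return hex digests of `data` for each algorithm in ALGORITHMS."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def verify_archive(zip_bytes: bytes, expected: Optional[dict] = None) -> list:
    """Hash every member of an in-memory zip and run two checks on each:

    name_is_sha256   - the file name without extension equals the member's own
                       SHA-256 (the convention the report's sample follows)
    matches_expected - the member's SHA-256 equals `expected[member name]`,
                       e.g. the value copied from a sandbox report
    """
    results = []
    expected = expected or {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            data = zf.read(info)
            d = digests(data)
            stem = info.filename.rsplit(".", 1)[0]
            results.append({
                "member": info.filename,
                "size": len(data),
                "is_elf": data[:4] == b"\x7fELF",      # ELF magic, first 4 bytes
                "name_is_sha256": stem.lower() == d["sha256"],
                "matches_expected": expected.get(info.filename) == d["sha256"],
                **d,
            })
    return results


def build_sample_archive() -> tuple:
    """Constructed test data (not the real sample): a zip holding a fake ELF
    whose file name is its own SHA-256, mirroring the report's naming."""
    payload = b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + b"constructed, not a real binary"
    name = hashlib.sha256(payload).hexdigest() + ".elf"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue(), name


if __name__ == "__main__":
    zip_bytes, name = build_sample_archive()
    print("archive:", digests(zip_bytes))
    for member in verify_archive(zip_bytes, {name: name[:-4]}):
        print(member)
```

Against a real download you would read the zip from disk and pass the report's inner-target SHA256 as the `expected` entry; the outer archive's digests are computed separately because a re-zipped copy of the same ELF will not reproduce the archive hashes in the report.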

Malware Config

Targets

    • Target

      18a4352b2101b4fa81652d5fce34b08ed7def8bd40e413cebf991ede97692a02.elf

    • Size

      1.9MB

    • MD5

      ae5592bdb0464f06c88f665282991b82

    • SHA1

      be5bf9dfec7fae911666060f584b4ffd0b04185f

    • SHA256

      18a4352b2101b4fa81652d5fce34b08ed7def8bd40e413cebf991ede97692a02

    • SHA512

      4c57878362b342a0928c8ddcb3fccff79be1ee0164e4f16c2d5169d14ea8ce322ac37693f965e8584fa950d733b70fe3d084cce4cf3675d62104482404b870a0

    • SSDEEP

      49152:Um7vtBcWDjchCCpjy3WT/N7SExRtmbj2mEE5MBn:U67cWDoggmrExRtmbHEE2Bn

    • StealthWorker

      StealthWorker is a Go-based brute-force malware family.

    • Attempts to identify hypervisor via CPU configuration

      Checks CPU information for indicators that the system is a virtual machine.

    • Modifies hosts file

      Appends entries to the hosts file, which maps hostnames to IP addresses ahead of DNS lookup.

    • Writes DNS configuration

      Writes data to the DNS resolver configuration file (on Linux this is normally /etc/resolv.conf).

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic               Technique                        Count  ID
Defense Evasion      Virtualization/Sandbox Evasion   1      T1497
Discovery            Virtualization/Sandbox Evasion   1      T1497
Command and Control  Dynamic Resolution               1      T1568