stealthworker | 0f4755f65c495d3711bf22271f85f1ee86da8b7a487e770f769af56e189be48c | Triage

Sharing

General

Target

47d704b79364e2ab333e614c166d0b7d
Size

7.0MB
Sample

231219-24hmasdea4
MD5

47d704b79364e2ab333e614c166d0b7d
SHA1

d29fb7df26ecef83abc99e5b4f0d9dd58ad0a2d6
SHA256

0f4755f65c495d3711bf22271f85f1ee86da8b7a487e770f769af56e189be48c
SHA512

a58054d2bf47e59d8ef48beda1089d35867faaebd3ee1bf023c95773dd74b79717e8f681eda005662736e873646bd0c2449fa27623f3e088ffce6a4e1dc70906
SSDEEP

98304:EE1b80T1Mv8SzjLZ/YJG9MMa2megmG5OFZj8KIX:n980JpSzBsMa2ac8K

Score

10^/10

stealthworker antivm botnet linux persistence

Malware Config

Targets

- Target
  
  47d704b79364e2ab333e614c166d0b7d
- Size
  
  7.0MB
- MD5
  
  47d704b79364e2ab333e614c166d0b7d
- SHA1
  
  d29fb7df26ecef83abc99e5b4f0d9dd58ad0a2d6
- SHA256
  
  0f4755f65c495d3711bf22271f85f1ee86da8b7a487e770f769af56e189be48c
- SHA512
  
  a58054d2bf47e59d8ef48beda1089d35867faaebd3ee1bf023c95773dd74b79717e8f681eda005662736e873646bd0c2449fa27623f3e088ffce6a4e1dc70906
- SSDEEP
  
  98304:EE1b80T1Mv8SzjLZ/YJG9MMa2megmG5OFZj8KIX:n980JpSzBsMa2ac8K
Score

6^/10

antivm persistence
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

botnetstealthworker

behavioral1

antivmpersistence