stealthworker | 071129b4866da8cb786298d4e569126ff4b2216382357ae9d8af70a51cbe624a | Triage

Sharing

General

Target

1094b5c3fcfeb6492e7d25bda6fe84cb
Size

6.9MB
Sample

231219-2fs35accd5
MD5

1094b5c3fcfeb6492e7d25bda6fe84cb
SHA1

f49d37312e3002cb4dbe480e1fb7bfc7d50ea02b
SHA256

071129b4866da8cb786298d4e569126ff4b2216382357ae9d8af70a51cbe624a
SHA512

fbaecf93a8bd701aab1fc7859507f56a228eea6a232420cd3ce9c1045cb960a03fb7ea010ad14a4991b2b4ff90a131f8c2da7498922b40c95ba5be6898ecc026
SSDEEP

49152:SCs7sxgEAE4fTPqbO9BwalW5u0qBFEeaHTOAE6kEKy+XJw9ZEOr2JcZ51NPtvGxL:m2gRE4eCPW5uLBFWT7+3UPVGGmQWCIX

Score

10^/10

stealthworker antivm botnet linux persistence

Malware Config

Targets

- Target
  
  1094b5c3fcfeb6492e7d25bda6fe84cb
- Size
  
  6.9MB
- MD5
  
  1094b5c3fcfeb6492e7d25bda6fe84cb
- SHA1
  
  f49d37312e3002cb4dbe480e1fb7bfc7d50ea02b
- SHA256
  
  071129b4866da8cb786298d4e569126ff4b2216382357ae9d8af70a51cbe624a
- SHA512
  
  fbaecf93a8bd701aab1fc7859507f56a228eea6a232420cd3ce9c1045cb960a03fb7ea010ad14a4991b2b4ff90a131f8c2da7498922b40c95ba5be6898ecc026
- SSDEEP
  
  49152:SCs7sxgEAE4fTPqbO9BwalW5u0qBFEeaHTOAE6kEKy+XJw9ZEOr2JcZ51NPtvGxL:m2gRE4eCPW5uLBFWT7+3UPVGGmQWCIX
Score

6^/10

antivm persistence
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

botnetstealthworker

behavioral1

antivmpersistence