stealthworker | 886cd26fa4660884d84c43109c8ef94050d46bea1cf86b74b9783a2910882544 | Triage

Sharing

General

Target

6331e67f7b65d3b9c5b73d0b2adbc8a5
Size

7.0MB
Sample

231219-3eed1sfaaq
MD5

6331e67f7b65d3b9c5b73d0b2adbc8a5
SHA1

14886a4f5bdf7bd20f4bb1bcd20c7383d5040f46
SHA256

886cd26fa4660884d84c43109c8ef94050d46bea1cf86b74b9783a2910882544
SHA512

e3893ca72095b487d8c8b3267b834d6c7e22847a1a26c0d4f081998d987bbd83a9bab7d2245fc6fbf8aa960819456493bbb1c53ec4a9ab64b8f8642dbc83e039
SSDEEP

49152:ylSH1/kSHac5itA5XKLjrI66LkBePELYHYrfkBJ8Gdd6FoxVGlEten5WED+GBi6P:GWRHX5iPrJOaHYTBmGdW5WSFlhxaIX

Score

10^/10

stealthworker antivm botnet linux persistence

Malware Config

Targets

- Target
  
  6331e67f7b65d3b9c5b73d0b2adbc8a5
- Size
  
  7.0MB
- MD5
  
  6331e67f7b65d3b9c5b73d0b2adbc8a5
- SHA1
  
  14886a4f5bdf7bd20f4bb1bcd20c7383d5040f46
- SHA256
  
  886cd26fa4660884d84c43109c8ef94050d46bea1cf86b74b9783a2910882544
- SHA512
  
  e3893ca72095b487d8c8b3267b834d6c7e22847a1a26c0d4f081998d987bbd83a9bab7d2245fc6fbf8aa960819456493bbb1c53ec4a9ab64b8f8642dbc83e039
- SSDEEP
  
  49152:ylSH1/kSHac5itA5XKLjrI66LkBePELYHYrfkBJ8Gdd6FoxVGlEten5WED+GBi6P:GWRHX5iPrJOaHYTBmGdW5WSFlhxaIX
Score

6^/10

antivm persistence
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

botnetstealthworker

behavioral1

antivmpersistence