Overview

overview

10

Static

static

10

97e4dbe470...67a4ed

ubuntu-18.04-amd64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    97e4dbe4706e92a98d061b9c1a67a4ed

  • Size

    7.0MB

  • Sample

    231220-krjv6adcep

  • MD5

    97e4dbe4706e92a98d061b9c1a67a4ed

  • SHA1

    0f9424e7cc5100015717c954eada312ab272320a

  • SHA256

    85fcfc24c30cea3006d3001aef4e8c0fcd44743f7b2e3bf236402f964f71368b

  • SHA512

    f6926c9d2a9a0c5e45c1fa06a23f6c48ef3ef9f71fb494c83e8ecb315834b9dc106377a9ca4f2f659f6f0d455625c95e905466371d1373ea246841167b98bdd2

  • SSDEEP

    98304:K4qmZmgSoh0iDxpRqVlaCMiieYCXfhxIX:1hZml0Dx3enipCXZx

Score
10/10
stealthworkerantivmbotnetlinuxpersistence

Malware Config

Targets

    • Target

      97e4dbe4706e92a98d061b9c1a67a4ed

    • Size

      7.0MB

    • MD5

      97e4dbe4706e92a98d061b9c1a67a4ed

    • SHA1

      0f9424e7cc5100015717c954eada312ab272320a

    • SHA256

      85fcfc24c30cea3006d3001aef4e8c0fcd44743f7b2e3bf236402f964f71368b

    • SHA512

      f6926c9d2a9a0c5e45c1fa06a23f6c48ef3ef9f71fb494c83e8ecb315834b9dc106377a9ca4f2f659f6f0d455625c95e905466371d1373ea246841167b98bdd2

    • SSDEEP

      98304:K4qmZmgSoh0iDxpRqVlaCMiieYCXfhxIX:1hZml0Dx3enipCXZx

    Score
    6/10
    antivmpersistence

    • Checks CPU configuration

      Checks CPU information which indicate if the system is a virtual machine.

      antivm

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks