stealthworker | 106db86e650ecabf95158ff04e0cb22e89682d792e31490e33828a74cff53104 | Triage

Sharing

General

Target

af7bee72c11cf18c92b171ff8494c652
Size

8.2MB
Sample

231220-n6hs7affgl
MD5

af7bee72c11cf18c92b171ff8494c652
SHA1

e3316f59eb7de8a140b09a7a49d14e8a7ebfe0ac
SHA256

106db86e650ecabf95158ff04e0cb22e89682d792e31490e33828a74cff53104
SHA512

0f5c50f643c801186a71df6ff4114e666476c996f6211cd7f992e6116a1df8671d08c103468f5311b5be343f7ee8475b63ed0606d779b8413ff9ae2801c620a6
SSDEEP

49152:SCrFnDAYlIawNxM2uC2pKK4dTk6S2K/DQx1NZ7a/1Tx0MvJbO+y2w24mmBggbHoh:tWxQwkz2KLS+/x5h4G6hLL7xBxtqOOX

Score

10^/10

stealthworker antivm botnet linux persistence

Malware Config

Targets

- Target
  
  af7bee72c11cf18c92b171ff8494c652
- Size
  
  8.2MB
- MD5
  
  af7bee72c11cf18c92b171ff8494c652
- SHA1
  
  e3316f59eb7de8a140b09a7a49d14e8a7ebfe0ac
- SHA256
  
  106db86e650ecabf95158ff04e0cb22e89682d792e31490e33828a74cff53104
- SHA512
  
  0f5c50f643c801186a71df6ff4114e666476c996f6211cd7f992e6116a1df8671d08c103468f5311b5be343f7ee8475b63ed0606d779b8413ff9ae2801c620a6
- SSDEEP
  
  49152:SCrFnDAYlIawNxM2uC2pKK4dTk6S2K/DQx1NZ7a/1Tx0MvJbO+y2w24mmBggbHoh:tWxQwkz2KLS+/x5h4G6hLL7xBxtqOOX
Score

6^/10

antivm persistence
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

botnetstealthworker

behavioral1

antivmpersistence