stealthworker | c9d2bdd222ccf792bec7386a41827f60a7a69ceb3b0556e8a80e5a7d51fdc3a4 | Triage

Sharing

General

Target

abfd73b9aebb60467a08de11d1ca46d8
Size

6.9MB
Sample

231220-np2vqshch7
MD5

abfd73b9aebb60467a08de11d1ca46d8
SHA1

9887f43415b8e02205be8dc21a5df455044e5e5a
SHA256

c9d2bdd222ccf792bec7386a41827f60a7a69ceb3b0556e8a80e5a7d51fdc3a4
SHA512

875bfa872b695c4680061562ab7473f906a8c7763ead20e4efe8bd66c9b412523573e4843f74a190080314920308dd29e8828443cdd9b0a425875baedbecfdb0
SSDEEP

49152:/Cx7MxgkgEYfTvKEu9BT6lW5j/qhlteaHTuAE6kkKy+CpQ9ZEurWpcZ51N4PvGx5:AWgREYeREW5jihlXT7+k04XGGmQWgIX

Score

10^/10

stealthworker antivm botnet linux persistence

Malware Config

Targets

- Target
  
  abfd73b9aebb60467a08de11d1ca46d8
- Size
  
  6.9MB
- MD5
  
  abfd73b9aebb60467a08de11d1ca46d8
- SHA1
  
  9887f43415b8e02205be8dc21a5df455044e5e5a
- SHA256
  
  c9d2bdd222ccf792bec7386a41827f60a7a69ceb3b0556e8a80e5a7d51fdc3a4
- SHA512
  
  875bfa872b695c4680061562ab7473f906a8c7763ead20e4efe8bd66c9b412523573e4843f74a190080314920308dd29e8828443cdd9b0a425875baedbecfdb0
- SSDEEP
  
  49152:/Cx7MxgkgEYfTvKEu9BT6lW5j/qhlteaHTuAE6kkKy+CpQ9ZEurWpcZ51N4PvGx5:AWgREYeREW5jihlXT7+k04XGGmQWgIX
Score

6^/10

antivm persistence
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

botnetstealthworker

behavioral1

antivmpersistence