stealthworker | a673af17dc8d5767b44bc42574d7aefa399b0542428853beb6d0d9aefc2bab5e | Triage

Sharing

General

Target

b0479928916703b30f8c6e3aca4f8c5e
Size

7.1MB
Sample

231220-panj8sgbbn
MD5

b0479928916703b30f8c6e3aca4f8c5e
SHA1

2f9735e35042e0c142a2054b81794360525c9ba1
SHA256

a673af17dc8d5767b44bc42574d7aefa399b0542428853beb6d0d9aefc2bab5e
SHA512

6de577b16c1f988dea952d91a6ef1a2b72b43311a460e05d20aaeeb903acf9424525682f8ef8999dce4581b875654f7e883ea87d38100ba3f41116d040978019
SSDEEP

49152:72QqTRKbP/d0yi152aBr2w8cQrSWW1dqcDiOztKpYSM2jef/1diI1BWUlMX:72pTRC0p152a+nSQujztkM2OdiWoX

Score

10^/10

stealthworker antivm botnet persistence

Malware Config

Targets

- Target
  
  b0479928916703b30f8c6e3aca4f8c5e
- Size
  
  7.1MB
- MD5
  
  b0479928916703b30f8c6e3aca4f8c5e
- SHA1
  
  2f9735e35042e0c142a2054b81794360525c9ba1
- SHA256
  
  a673af17dc8d5767b44bc42574d7aefa399b0542428853beb6d0d9aefc2bab5e
- SHA512
  
  6de577b16c1f988dea952d91a6ef1a2b72b43311a460e05d20aaeeb903acf9424525682f8ef8999dce4581b875654f7e883ea87d38100ba3f41116d040978019
- SSDEEP
  
  49152:72QqTRKbP/d0yi152aBr2w8cQrSWW1dqcDiOztKpYSM2jef/1diI1BWUlMX:72pTRC0p152a+nSQujztkM2OdiWoX
Score

6^/10

antivm persistence
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

botnetstealthworker

behavioral1

antivmpersistence