stealthworker | db15574f45e8fb6ac488aca592ab4be04ddeff01a5142053f42692ec6a9063c6 | Triage

Sharing

General

Target

c59810f6f9978143f338a069115de3bd
Size

8.2MB
Sample

231220-rpbkbscha4
MD5

c59810f6f9978143f338a069115de3bd
SHA1

488d0526c01a739ce1c09223157796b14c8bf778
SHA256

db15574f45e8fb6ac488aca592ab4be04ddeff01a5142053f42692ec6a9063c6
SHA512

e264b650241e861953fcda7fdfe899b894524c97cbaeb5b4f5ade0eb44072e087741a02ebffcc1ebfec37025e564bae8fe6c8ed87744085c1dd95d71c1bd3ee1
SSDEEP

49152:fiLFADAYRjNVSxL2uT+sl1Yot57L/7/FmHCPb9b/c1f77MzJ471ac1m4tazngbW6:XaxMutFL/BwabreC4z6hL67RBxtqNOX

Score

10^/10

stealthworker antivm botnet linux persistence

Malware Config

Targets

- Target
  
  c59810f6f9978143f338a069115de3bd
- Size
  
  8.2MB
- MD5
  
  c59810f6f9978143f338a069115de3bd
- SHA1
  
  488d0526c01a739ce1c09223157796b14c8bf778
- SHA256
  
  db15574f45e8fb6ac488aca592ab4be04ddeff01a5142053f42692ec6a9063c6
- SHA512
  
  e264b650241e861953fcda7fdfe899b894524c97cbaeb5b4f5ade0eb44072e087741a02ebffcc1ebfec37025e564bae8fe6c8ed87744085c1dd95d71c1bd3ee1
- SSDEEP
  
  49152:fiLFADAYRjNVSxL2uT+sl1Yot57L/7/FmHCPb9b/c1f77MzJ471ac1m4tazngbW6:XaxMutFL/BwabreC4z6hL67RBxtqNOX
Score

6^/10

antivm persistence
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

botnetstealthworker

behavioral1

antivmpersistence