stealthworker | dd7192e39a1b9bc7f81041b1af58775f649c9746ea3dca2ce2acdf4cf79a76e8 | Triage

Sharing

General

Target

f06120e951ac7b534a04f8637ad65f82
Size

8.2MB
Sample

231220-vjprjscfg2
MD5

f06120e951ac7b534a04f8637ad65f82
SHA1

85a030f4f3ebcfd100fcb687737adf50ac23f066
SHA256

dd7192e39a1b9bc7f81041b1af58775f649c9746ea3dca2ce2acdf4cf79a76e8
SHA512

c3c41fef917f50e47900420cde9bf79c5f8872e9bece902f0e9e5dd5eede3adcb8b8abab8ceae614a176ec0df3fec5fa9c2fc0427d9175db7d14f2ab3be90676
SSDEEP

49152:oiLFADAYRjNVSxL2uT+sl1Yot57L/7/FmHCPb9b/c1f77MzJ471ac1m4tazngbW5:aaxMutFL/BwabreC4z6hLF7RBxtqNOX

Score

10^/10

stealthworker antivm botnet linux persistence

Malware Config

Targets

- Target
  
  f06120e951ac7b534a04f8637ad65f82
- Size
  
  8.2MB
- MD5
  
  f06120e951ac7b534a04f8637ad65f82
- SHA1
  
  85a030f4f3ebcfd100fcb687737adf50ac23f066
- SHA256
  
  dd7192e39a1b9bc7f81041b1af58775f649c9746ea3dca2ce2acdf4cf79a76e8
- SHA512
  
  c3c41fef917f50e47900420cde9bf79c5f8872e9bece902f0e9e5dd5eede3adcb8b8abab8ceae614a176ec0df3fec5fa9c2fc0427d9175db7d14f2ab3be90676
- SSDEEP
  
  49152:oiLFADAYRjNVSxL2uT+sl1Yot57L/7/FmHCPb9b/c1f77MzJ471ac1m4tazngbW5:aaxMutFL/BwabreC4z6hLF7RBxtqNOX
Score

6^/10

antivm persistence
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

botnetstealthworker

behavioral1

antivmpersistence