stealthworker | 0b9c5e27f55d565d115023d54acdb8c2fa35b6042a2fd7abcdb28a5dfc689654 | Triage

Sharing

General

Target

f0d0dacb6a9795bb1ff26acc4212187f
Size

7.0MB
Sample

231220-vkp4psdae5
MD5

f0d0dacb6a9795bb1ff26acc4212187f
SHA1

6f8b9647c7bdeb2c9d4ff0a96142d06e72877863
SHA256

0b9c5e27f55d565d115023d54acdb8c2fa35b6042a2fd7abcdb28a5dfc689654
SHA512

17cd4df2187a3d7e4b473ef22ecb2de8168faf74f24b91f567765ab7738e5fd605a3ffbfa1885ae2a2ecc052f5086717d947d1440130095484f0b0742922852e
SSDEEP

98304:RONp6CKQotPQzeK3q+wFpL+GB+sWk//V5LBJLyIX:QD6CpMQzXkVjJe

Score

10^/10

stealthworker antivm botnet linux persistence

Malware Config

Targets

- Target
  
  f0d0dacb6a9795bb1ff26acc4212187f
- Size
  
  7.0MB
- MD5
  
  f0d0dacb6a9795bb1ff26acc4212187f
- SHA1
  
  6f8b9647c7bdeb2c9d4ff0a96142d06e72877863
- SHA256
  
  0b9c5e27f55d565d115023d54acdb8c2fa35b6042a2fd7abcdb28a5dfc689654
- SHA512
  
  17cd4df2187a3d7e4b473ef22ecb2de8168faf74f24b91f567765ab7738e5fd605a3ffbfa1885ae2a2ecc052f5086717d947d1440130095484f0b0742922852e
- SSDEEP
  
  98304:RONp6CKQotPQzeK3q+wFpL+GB+sWk//V5LBJLyIX:QD6CpMQzXkVjJe
Score

6^/10

antivm persistence
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

botnetstealthworker

behavioral1

antivmpersistence