stealthworker | 71eed0656bcb2ca1f2f6af4cf073e14f17dadec7af9cd93153299c0fd4aa07c0 | Triage

Sharing

General

Target

afd986e0754c07002e764f8038a5fbf8
Size

8.2MB
Sample

231227-nv2f6agedn
MD5

afd986e0754c07002e764f8038a5fbf8
SHA1

bc18d23c16bbbadd6aa4ba226ff9cac0a9aafa20
SHA256

71eed0656bcb2ca1f2f6af4cf073e14f17dadec7af9cd93153299c0fd4aa07c0
SHA512

7ae76dd88f22ecc529d07606dba5cddd89f733980dccbed0e4dde83109775ea685d5bbc4813a5338666b12206a9ca6ffe66ff85024e76374c8c8b8c2625466ac
SSDEEP

49152:bK2IsqJ6+KCdOF87M6ee8ry770lDlzroschqayHQDx7XF/6jcRO8FYefPudx5zqn:vD+wFwz8raOVc76/6VfVf5rNOX

Score

10^/10

stealthworker antivm botnet linux persistence

Malware Config

Targets

- Target
  
  afd986e0754c07002e764f8038a5fbf8
- Size
  
  8.2MB
- MD5
  
  afd986e0754c07002e764f8038a5fbf8
- SHA1
  
  bc18d23c16bbbadd6aa4ba226ff9cac0a9aafa20
- SHA256
  
  71eed0656bcb2ca1f2f6af4cf073e14f17dadec7af9cd93153299c0fd4aa07c0
- SHA512
  
  7ae76dd88f22ecc529d07606dba5cddd89f733980dccbed0e4dde83109775ea685d5bbc4813a5338666b12206a9ca6ffe66ff85024e76374c8c8b8c2625466ac
- SSDEEP
  
  49152:bK2IsqJ6+KCdOF87M6ee8ry770lDlzroschqayHQDx7XF/6jcRO8FYefPudx5zqn:vD+wFwz8raOVc76/6VfVf5rNOX
Score

6^/10

antivm persistence
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

botnetstealthworker

behavioral1

antivmpersistence