stealthworker | 38ff3f5d90629fa2150f08166149f16756adbcd42c9c5bcd2dcec0db773b0a18 | Triage

Sharing

General

Target

6e2c640e5ac79fd488978f53fd7b1047
Size

8.2MB
Sample

240121-3yya8scahr
MD5

6e2c640e5ac79fd488978f53fd7b1047
SHA1

7ca2962f444b7e7d3b7278ad9ce74c330e676476
SHA256

38ff3f5d90629fa2150f08166149f16756adbcd42c9c5bcd2dcec0db773b0a18
SHA512

ef0fbd7581db6bc51821cf03fee7ff7ebf34eff51d9f871651bb2bfa20fee405ce5c01ce1ac8cc35d52cf915934f01cfdee02be2e497de7bf8e16d565fd4f09f
SSDEEP

98304:8bQUVZFz/Mg7nht3QFL9eKyBx1y8eiUlOX:InFTMyn/3QkWl

Score

10^/10

stealthworker antivm botnet linux persistence

Malware Config

Targets

- Target
  
  6e2c640e5ac79fd488978f53fd7b1047
- Size
  
  8.2MB
- MD5
  
  6e2c640e5ac79fd488978f53fd7b1047
- SHA1
  
  7ca2962f444b7e7d3b7278ad9ce74c330e676476
- SHA256
  
  38ff3f5d90629fa2150f08166149f16756adbcd42c9c5bcd2dcec0db773b0a18
- SHA512
  
  ef0fbd7581db6bc51821cf03fee7ff7ebf34eff51d9f871651bb2bfa20fee405ce5c01ce1ac8cc35d52cf915934f01cfdee02be2e497de7bf8e16d565fd4f09f
- SSDEEP
  
  98304:8bQUVZFz/Mg7nht3QFL9eKyBx1y8eiUlOX:InFTMyn/3QkWl
Score

6^/10

antivm persistence
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

botnetstealthworker

behavioral1

antivmpersistence