stealthworker | 9abd614cd0027048c86c4e4de67271dbc53b0361373da06cc5cebce8f7646ec4 | Triage

Submit
Reports

Overview

overview

Static

static

7

241b87293b...b9.elf

ubuntu-20.04-amd64

Sharing

General

Target

241b87293b2cf3e9579810b55a45d1b9.elf
Size

2.5MB
Sample

240305-2q4bvabf6v
MD5

241b87293b2cf3e9579810b55a45d1b9
SHA1

d2974053f4ce24a1f437ae6b683d30fcd5815475
SHA256

9abd614cd0027048c86c4e4de67271dbc53b0361373da06cc5cebce8f7646ec4
SHA512

ce1f6755230a07977a6a4636e7531dc3717f1162b81ebdefe22cd36a112fe626ef6277d69c285a35a809af51692d3ffa4a456b0e89a7a0d17e105699e05c49d2
SSDEEP

49152:Eq4TDswC9nb+Feo7ZWCIrWT8vg4NsqKaRkS+nkDoYaAeFU0WYdDmj/2:E/nqyFVuFvdt9k9QomnXMDmi

Score

10^/10

stealthworker antivm botnet discovery linux persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

241b87293b2cf3e9579810b55a45d1b9.elf

Resource

ubuntu2004-amd64-20240221-en

stealthworker antivm botnet discovery persistence

ubuntu-20.04-amd64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  241b87293b2cf3e9579810b55a45d1b9.elf
- Size
  
  2.5MB
- MD5
  
  241b87293b2cf3e9579810b55a45d1b9
- SHA1
  
  d2974053f4ce24a1f437ae6b683d30fcd5815475
- SHA256
  
  9abd614cd0027048c86c4e4de67271dbc53b0361373da06cc5cebce8f7646ec4
- SHA512
  
  ce1f6755230a07977a6a4636e7531dc3717f1162b81ebdefe22cd36a112fe626ef6277d69c285a35a809af51692d3ffa4a456b0e89a7a0d17e105699e05c49d2
- SSDEEP
  
  49152:Eq4TDswC9nb+Feo7ZWCIrWT8vg4NsqKaRkS+nkDoYaAeFU0WYdDmj/2:E/nqyFVuFvdt9k9QomnXMDmi
Score

10^/10

stealthworker antivm botnet discovery persistence
- StealthWorker
  StealthWorker is golang-based brute force malware.
  botnet stealthworker
- Contacts a large (6832) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Network Service Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealthworkerantivmbotnetdiscoverypersistence

© 2018-2024

Terms | Privacy