stealthworker | f4345a8c7f841767e5173140c8b57aedb4b9ad2333950341a37ffc2d1ed3f47a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

da12ead920...23.elf

debian-9-armhf

Sharing

General

Target

da12ead92069e02db3b88d15ac2c2823.elf
Size

2.4MB
Sample

240305-2q4bvabf6w
MD5

da12ead92069e02db3b88d15ac2c2823
SHA1

297bf4ce9a344d6c27eba64bf1ddf2707567a2ef
SHA256

f4345a8c7f841767e5173140c8b57aedb4b9ad2333950341a37ffc2d1ed3f47a
SHA512

5769feee3276dbacae7a6711a7a5b7ddae425f689aa5655cb1bfb7dd4046a28ac075c807a8436a191542f97103c60ef42bcfd9110bb68a82891a2ab9b04cdd25
SSDEEP

49152:e5R845g7EfVpclzm6XRkQfqFWWrO7dE2UlFHuOqrJPLWziHTHpDj:eDqUpuzmiRFiXrWa2UlwrJWzGFj

Score

10^/10

stealthworker antivm botnet discovery persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

da12ead92069e02db3b88d15ac2c2823.elf

Resource

debian9-armhf-20240226-en

stealthworker antivm botnet discovery persistence

debian-9-armhf

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  da12ead92069e02db3b88d15ac2c2823.elf
- Size
  
  2.4MB
- MD5
  
  da12ead92069e02db3b88d15ac2c2823
- SHA1
  
  297bf4ce9a344d6c27eba64bf1ddf2707567a2ef
- SHA256
  
  f4345a8c7f841767e5173140c8b57aedb4b9ad2333950341a37ffc2d1ed3f47a
- SHA512
  
  5769feee3276dbacae7a6711a7a5b7ddae425f689aa5655cb1bfb7dd4046a28ac075c807a8436a191542f97103c60ef42bcfd9110bb68a82891a2ab9b04cdd25
- SSDEEP
  
  49152:e5R845g7EfVpclzm6XRkQfqFWWrO7dE2UlFHuOqrJPLWziHTHpDj:eDqUpuzmiRFiXrWa2UlwrJWzGFj
Score

10^/10

stealthworker antivm botnet discovery persistence
- StealthWorker
  StealthWorker is golang-based brute force malware.
  botnet stealthworker
- Contacts a large (1984) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Network Service Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealthworkerantivmbotnetdiscoverypersistence

© 2018-2025

Terms | Privacy