Overview

overview

10

Static

static

10

win.exe

windows7-x64

10

win.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    win.exe

  • Size

    6.8MB

  • Sample

    240306-a21ljsfc58

  • MD5

    0721b1d0c9c68c18116273f2c293ff21

  • SHA1

    dac53205b4ba718542138d90eb56f1641f5807b8

  • SHA256

    0c3ee3977deb2ab25d67d6b346b7c96497c4ff18b76678ca990b8493f23248a4

  • SHA512

    012ee21fa04e7e361d4565ba81cc8ba256fb48a75cc93c5c6ea1f77f1e69adc3a5c14275dfe358e72b6f41dd67d174c0bbb4ca26d39f9c08168ccbb9d06d3ba9

  • SSDEEP

    49152:k92mic7iMnbPvRUAm+ugRkqjR7Q8TOc5KubExvCsNGEgveIXB4IuBNT/IeswF69B:BmP7i+Rf0es5u2BNTAcSE8wIX

Score
10/10
stealthworkerbotnetdiscovery

Malware Config

Targets

    • Target

      win.exe

    • Size

      6.8MB

    • MD5

      0721b1d0c9c68c18116273f2c293ff21

    • SHA1

      dac53205b4ba718542138d90eb56f1641f5807b8

    • SHA256

      0c3ee3977deb2ab25d67d6b346b7c96497c4ff18b76678ca990b8493f23248a4

    • SHA512

      012ee21fa04e7e361d4565ba81cc8ba256fb48a75cc93c5c6ea1f77f1e69adc3a5c14275dfe358e72b6f41dd67d174c0bbb4ca26d39f9c08168ccbb9d06d3ba9

    • SSDEEP

      49152:k92mic7iMnbPvRUAm+ugRkqjR7Q8TOc5KubExvCsNGEgveIXB4IuBNT/IeswF69B:BmP7i+Rf0es5u2BNTAcSE8wIX

    Score
    10/10
    stealthworkerbotnetdiscovery

    • StealthWorker

      StealthWorker is golang-based brute force malware.

      botnetstealthworker

    • Contacts a large (4866) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops startup file

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Tasks