stealthworker | 15b75fa3114a2dad6981e1a145cb45a9875948007a6e41ca2b2df4ad08aaff2b | Triage

Sharing

General

Target

15b75fa3114a2dad6981e1a145cb45a9875948007a6e41ca2b2df4ad08aaff2b.elf
Size

2.4MB
Sample

240306-ckyrqsgb51
MD5

9044d7e0ac4cab8917829cc22df9abda
SHA1

e3076668487ccb1091f8d02fbfed62627d3bfe55
SHA256

15b75fa3114a2dad6981e1a145cb45a9875948007a6e41ca2b2df4ad08aaff2b
SHA512

412d6456de87e3656446c0e096667b3d0c3a8bcc7088adc7f0622b6f563cc04e66932c09a0a165c50d57b22523bf70110e73ed830ea5ed8b055c6bd49243a487
SSDEEP

49152:I22aCIjTfiH8LnLf61ayqpTj0lB4ykrrpUymAI:zCsD1pTj0l+FGyO

Score

10^/10

stealthworker antivm botnet persistence upx

Malware Config

Targets

- Target
  
  15b75fa3114a2dad6981e1a145cb45a9875948007a6e41ca2b2df4ad08aaff2b.elf
- Size
  
  2.4MB
- MD5
  
  9044d7e0ac4cab8917829cc22df9abda
- SHA1
  
  e3076668487ccb1091f8d02fbfed62627d3bfe55
- SHA256
  
  15b75fa3114a2dad6981e1a145cb45a9875948007a6e41ca2b2df4ad08aaff2b
- SHA512
  
  412d6456de87e3656446c0e096667b3d0c3a8bcc7088adc7f0622b6f563cc04e66932c09a0a165c50d57b22523bf70110e73ed830ea5ed8b055c6bd49243a487
- SSDEEP
  
  49152:I22aCIjTfiH8LnLf61ayqpTj0lB4ykrrpUymAI:zCsD1pTj0l+FGyO
Score

10^/10

stealthworker antivm botnet persistence
- StealthWorker
  StealthWorker is golang-based brute force malware.
  botnet stealthworker
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealthworkerantivmbotnetpersistence