Analysis
-
max time kernel
149s -
max time network
151s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240226-en -
resource tags
-
submitted
06/03/2024, 02:29
General
-
Target
9abd614cd0027048c86c4e4de67271dbc53b0361373da06cc5cebce8f7646ec4.elf
-
Size
2.5MB
-
MD5
241b87293b2cf3e9579810b55a45d1b9
-
SHA1
d2974053f4ce24a1f437ae6b683d30fcd5815475
-
SHA256
9abd614cd0027048c86c4e4de67271dbc53b0361373da06cc5cebce8f7646ec4
-
SHA512
ce1f6755230a07977a6a4636e7531dc3717f1162b81ebdefe22cd36a112fe626ef6277d69c285a35a809af51692d3ffa4a456b0e89a7a0d17e105699e05c49d2
-
SSDEEP
49152:Eq4TDswC9nb+Feo7ZWCIrWT8vg4NsqKaRkS+nkDoYaAeFU0WYdDmj/2:E/nqyFVuFvdt9k9QomnXMDmi
Malware Config
Signatures
-
StealthWorker
StealthWorker is golang-based brute force malware.
-
Checks CPU configuration 1 TTPs 2 IoCs
Checks CPU information which indicate if the system is a virtual machine.
-
Creates/modifies Cron job 1 TTPs 1 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Reads runtime system information 6 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 3 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/9abd614cd0027048c86c4e4de67271dbc53b0361373da06cc5cebce8f7646ec4.elf/tmp/9abd614cd0027048c86c4e4de67271dbc53b0361373da06cc5cebce8f7646ec4.elf1⤵
- Reads runtime system information
-
/bin/catcat /proc/version2⤵
- Reads runtime system information
-
-
/bin/catcat /proc/cpuinfo1⤵
- Checks CPU configuration
-
/bin/unameuname -a1⤵
-
/usr/bin/getconfgetconf LONG_BIT1⤵
-
/tmp/9abd614cd0027048c86c4e4de67271dbc53b0361373da06cc5cebce8f7646ec4.elf"[stealth]"1⤵
- Reads runtime system information
-
/bin/catcat /proc/version2⤵
- Reads runtime system information
-
-
/bin/catcat /proc/cpuinfo2⤵
- Checks CPU configuration
-
-
/bin/unameuname -a1⤵
-
/usr/bin/getconfgetconf LONG_BIT1⤵
-
/usr/bin/crontab/usr/bin/crontab /tmp/nip9iNeiph5chee1⤵
- Creates/modifies Cron job
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4B
MD56b8eba43551742214453411664a0dcc8
SHA13c8101acb51e8f51363933e63bfb9106ec64d6e4
SHA256c27484c7087191b29f05f9c05efc20adeabbf7549f642629322532cb685ffb99
SHA512e3ad4f343d4640711b3f6b3f5d4bb4e0077a7cfbecf5af9f5c6b4acfcf66ca669bed3d0d47eeeac6c1481efe345c37415526df688f7666abaea28bed4507ed0b
-
Filesize
102B
MD5b5f2fdc6f4ffe4261d80dafec74858c7
SHA1219d621ea565826aa7f04244713a025de8898852
SHA2563a7e8528e970d2db6f906084103405933fb6efe8951f6e8666105a89a5840e5b
SHA5122f49d4db977343753112916616fa31f6f914c2924423ee95842fc084c43697db7a441514a606094ba352477bc323154de4c7adfacc0e9047504a0f80fe9df253
-
Filesize
296B
MD57d466476fc97d2f0a5261b50ffd20115
SHA1f304d23011126719aa02c2536cfce9bd1e4ffda7
SHA25650a925faf4df2be118bb8a9e573f5e3ddb0938b6dfdbcc85bd563f5d838397e8
SHA512fbed365e4527689f6d67e8a884528f9b11fd891eb8d3e67b3ec8794470fd3c493cbd2eb71311f56d5d206d3b0bdb1aeef33d80f0ef07a4645787236fd6e9e53c