General

  • Target

    c4dea1d39e7c009a8dd333e5e84a0486_JaffaCakes118

  • Size

    3.9MB

  • Sample

    240827-m45z9sygkk

  • MD5

    c4dea1d39e7c009a8dd333e5e84a0486

  • SHA1

    fbfaa875ffd294b407d038439f8cb561c033cbe1

  • SHA256

    e251bbef2c33494c43462511bda36339cf2e8b1be5aa30bb77fdc5d168d28db4

  • SHA512

    377f196ea88f26f90610fa91543f264c7a710e348695580254458b47ef6f7f930d4adacf85c86eb6aa9461c4edaaa83fe65e0ce8f2b7371e8d54b3c7c2de8da6

  • SSDEEP

    98304:HKIr+ZQqjWg00mSvAbQ05eKz4U0BAyHkVTFl:qI6Sg2vQ9KzDFFl

Malware Config

Extracted

Family

stealthworker

Version

3.06

C2

http://190.97.167.130:8081

Extracted

Family

stealthworker

Targets

    • Target

      c4dea1d39e7c009a8dd333e5e84a0486_JaffaCakes118

    • Size

      3.9MB

    • MD5

      c4dea1d39e7c009a8dd333e5e84a0486

    • SHA1

      fbfaa875ffd294b407d038439f8cb561c033cbe1

    • SHA256

      e251bbef2c33494c43462511bda36339cf2e8b1be5aa30bb77fdc5d168d28db4

    • SHA512

      377f196ea88f26f90610fa91543f264c7a710e348695580254458b47ef6f7f930d4adacf85c86eb6aa9461c4edaaa83fe65e0ce8f2b7371e8d54b3c7c2de8da6

    • SSDEEP

      98304:HKIr+ZQqjWg00mSvAbQ05eKz4U0BAyHkVTFl:qI6Sg2vQ9KzDFFl

    • StealthWorker

      StealthWorker is Golang-based brute-force malware.

    • Drops startup file

    • UPX packed file

      Detects executables packed with the UPX open-source packer, including modified UPX builds.
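The report above gives a practitioner three things to act on: a set of file hashes to confirm that a file in hand is this exact sample, a UPX-packed signature, and an extracted C2 URL. The following Python script is an added triage helper written for this page; it is not the sandbox's own detection logic and not code from the StealthWorker operators. It reproduces the hash check against the values reported above, walks the PE section table to look for the UPX0/UPX1 section names that stock UPX leaves behind (plus the "UPX!" marker as a fallback heuristic, since modified UPX builds often rename sections), and pulls raw `http://ip:port` URLs such as the reported C2 out of the binary. The sample itself is not embedded; `build_fake_pe` constructs a minimal PE image purely so the parser can be exercised offline.

```python
import hashlib
import re
import struct
import sys

# Indicators copied from the report above. The sample is NOT embedded here.
REPORTED_HASHES = {
    "md5": "c4dea1d39e7c009a8dd333e5e84a0486",
    "sha1": "fbfaa875ffd294b407d038439f8cb561c033cbe1",
    "sha256": "e251bbef2c33494c43462511bda36339cf2e8b1be5aa30bb77fdc5d168d28db4",
    "sha512": "377f196ea88f26f90610fa91543f264c7a710e348695580254458b47ef6f7f93"
              "0d4adacf85c86eb6aa9461c4edaaa83fe65e0ce8f2b7371e8d54b3c7c2de8da6",
}
REPORTED_C2 = "http://190.97.167.130:8081"

# Raw http(s)://<dotted-quad>[:port] strings; StealthWorker's C2 is stored this way.
URL_RE = re.compile(rb"https?://(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?")


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED_HASHES}


def matches_report(data: bytes) -> dict:
    """{algo: True/False} for whether this blob reproduces each reported hash."""
    computed = hash_bytes(data)
    return {algo: computed[algo] == want for algo, want in REPORTED_HASHES.items()}


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table.

    Returns the section names, or [] when the bytes are not a PE image.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)   # NumberOfSections
    (size_opt,) = struct.unpack_from("<H", data, coff + 16)      # SizeOfOptionalHeader
    table = coff + 20 + size_opt                                  # IMAGE_SECTION_HEADER[]
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:
            break                                                 # truncated section table
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1; a renamed build may still carry 'UPX!'.

    Both checks are heuristics: a modified packer can defeat either one.
    """
    if any(name.startswith("UPX") for name in pe_section_names(data)):
        return True
    return b"UPX!" in data


def find_ip_urls(data: bytes) -> list:
    """Sorted, de-duplicated http(s)://ip[:port] strings found in the bytes."""
    return sorted({m.decode("ascii") for m in URL_RE.findall(data)})


def triage(data: bytes) -> dict:
    """Summary a responder would want: identity, packing, embedded C2 candidates."""
    urls = find_ip_urls(data)
    return {
        "hash_match": matches_report(data),
        "sections": pe_section_names(data),
        "upx_packed": looks_upx_packed(data),
        "urls": urls,
        "reported_c2_present": REPORTED_C2 in urls,
    }


def build_fake_pe(section_names, payload: bytes = b"") -> bytes:
    """Constructed minimal PE (no optional header) used only to test the parser."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    table = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + table + payload


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_fake_pe(
        ["UPX0", "UPX1", ".rsrc"], b"UPX!\0" + REPORTED_C2.encode() + b"\0")
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it as `python triage.py <file>` against a candidate sample; a full hash match confirms identity, while a UPX verdict with no URL hits is the expected picture for the packed binary (the C2 only becomes visible after unpacking with `upx -d` or from a memory dump, which is where the sandbox's extracted config comes from).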

MITRE ATT&CK Enterprise v15

Tasks