stealthworker | c37290f320f0ff640fe3e8764ba359427c3055d1eb1eebcc557a956708bd5d8e | Triage

Sharing

General

Target

e05f8762256d965476733822af855604_JaffaCakes118
Size

2.1MB
Sample

240914-rsw1faygjf
MD5

e05f8762256d965476733822af855604
SHA1

f198d259101ad85e2bc03582680c19260e76e79b
SHA256

c37290f320f0ff640fe3e8764ba359427c3055d1eb1eebcc557a956708bd5d8e
SHA512

1e1ef1f0218552d4bc0088c17995499880cdc810ae158e12a19558de5629aafe0a7e0011b14b303e5abc1ec6f9fa7f0eeb667f1be10d81628ddeddb8fd59726f
SSDEEP

49152:w7cNuGXqqcjPLk+SZYI7iWxqwrYZb+zwyj5bCtHRzIhElUhkAps1:w7cN9DcjjknZPxqmpkIh8Uhb4

Score

10^/10

stealthworker botnet discovery

Malware Config

Extracted

Family

stealthworker

Version

3.12

C2

http://176.121.14.53:8888

Targets

- Target
  
  e05f8762256d965476733822af855604_JaffaCakes118
- Size
  
  2.1MB
- MD5
  
  e05f8762256d965476733822af855604
- SHA1
  
  f198d259101ad85e2bc03582680c19260e76e79b
- SHA256
  
  c37290f320f0ff640fe3e8764ba359427c3055d1eb1eebcc557a956708bd5d8e
- SHA512
  
  1e1ef1f0218552d4bc0088c17995499880cdc810ae158e12a19558de5629aafe0a7e0011b14b303e5abc1ec6f9fa7f0eeb667f1be10d81628ddeddb8fd59726f
- SSDEEP
  
  49152:w7cNuGXqqcjPLk+SZYI7iWxqwrYZb+zwyj5bCtHRzIhElUhkAps1:w7cN9DcjjknZPxqmpkIh8Uhb4
Score

10^/10

stealthworker botnet discovery
- StealthWorker
  StealthWorker is golang-based brute force malware.
  botnet stealthworker
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealthworkerbotnetdiscovery

behavioral2

stealthworkerbotnetdiscovery