stealthworker | 1508b00b2e19baf5908399611bdf94543b91a4fc9fca2eaeee3d7687f5401a0c | Triage

Sharing

General

Target

f8718add84732dd6660894179dbfccd8_JaffaCakes118
Size

8.2MB
Sample

240926-qe6r2syelj
MD5

f8718add84732dd6660894179dbfccd8
SHA1

4068a93f57e927ae34a4b269772672bbca7721c0
SHA256

1508b00b2e19baf5908399611bdf94543b91a4fc9fca2eaeee3d7687f5401a0c
SHA512

b62a232ff83421c0373b2269ac884f1bbfecf46d1225ef6979faa5248d97238e789dc8d69de0c3617929045342e91ae983f9aeccb168331b4526cf3ab2ebaf8c
SSDEEP

49152:fiLFADAYRjNVSxL2uT+sl1Yot57L/7/FmHCPb9b/c1f77MzJ471ac1m4tazngbW/:XaxMutFL/BwabreC4z6hLD7RBxtqNOX

Score

10^/10

stealthworker antivm botnet discovery execution linux persistence privilege_escalatio

Malware Config

Extracted

Family

stealthworker

Version

3.02

C2

http://45.89.228.105:28080

Targets

- Target
  
  f8718add84732dd6660894179dbfccd8_JaffaCakes118
- Size
  
  8.2MB
- MD5
  
  f8718add84732dd6660894179dbfccd8
- SHA1
  
  4068a93f57e927ae34a4b269772672bbca7721c0
- SHA256
  
  1508b00b2e19baf5908399611bdf94543b91a4fc9fca2eaeee3d7687f5401a0c
- SHA512
  
  b62a232ff83421c0373b2269ac884f1bbfecf46d1225ef6979faa5248d97238e789dc8d69de0c3617929045342e91ae983f9aeccb168331b4526cf3ab2ebaf8c
- SSDEEP
  
  49152:fiLFADAYRjNVSxL2uT+sl1Yot57L/7/FmHCPb9b/c1f77MzJ471ac1m4tazngbW/:XaxMutFL/BwabreC4z6hLD7RBxtqNOX
Score

6^/10

antivm discovery execution persistence privilege_escalatio
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

botnetstealthworker

behavioral1

antivmdiscoveryexecutionpersistenceprivilege_escalatio