Analysis Overview
score
10/10
SHA256
232985570c925c8f886bb24c8c6039a53b7c929cc2848572769ab2f69cea34a9
Threat Level: Known bad
The file vwkjebwi686.elf was found to be: Known bad.
Malicious Activity Summary
Mirai family
Deletes itself
Enumerates running processes
Changes its process name
Reads runtime system information
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2024-11-12 14:57
Signatures
Mirai family
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-12 14:57
Reported
2024-11-12 14:59
Platform
ubuntu2204-amd64-20240611-en
Max time kernel
149s
Max time network
139s
Command Line
[/tmp/vwkjebwi686.elf]
Signatures
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/vwkjebwi686.elf | N/A |
Enumerates running processes
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | httpd | /tmp/vwkjebwi686.elf | N/A |
Reads runtime system information
Processes
/tmp/vwkjebwi686.elf
[/tmp/vwkjebwi686.elf]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | ksdjwi.eye-network.ru | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 154.216.16.109:33966 | ksdjwi.eye-network.ru | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 154.216.16.109:33966 | ksdjwi.eye-network.ru | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 154.216.16.109:33966 | ksdjwi.eye-network.ru | tcp |
Files
N/A