Analysis Overview
score
10/10
SHA256
88d2fabb4aea62b59792f01f91621444f9152d3f0e8a2ba2988c96fe6c2059a4
Threat Level: Known bad
The file wnbw86.elf was found to be: Known bad.
Malicious Activity Summary
Mirai family
Deletes itself
Enumerates running processes
Changes its process name
Reads runtime system information
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2024-11-12 15:02
Signatures
Mirai family
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-12 15:02
Reported
2024-11-12 15:04
Platform
ubuntu2004-amd64-20240611-en
Max time kernel
149s
Max time network
148s
Command Line
[/tmp/wnbw86.elf]
Signatures
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/wnbw86.elf | N/A |
Enumerates running processes
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | httpd | /tmp/wnbw86.elf | N/A |
Reads runtime system information
Processes
/tmp/wnbw86.elf
[/tmp/wnbw86.elf]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | ksdjwi.eye-network.ru | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 154.216.16.109:33966 | ksdjwi.eye-network.ru | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 154.216.16.109:33966 | ksdjwi.eye-network.ru | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 154.216.16.109:33966 | ksdjwi.eye-network.ru | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
Files
N/A