Analysis
-
max time kernel
134s -
max time network
143s -
platform
ubuntu-22.04_amd64 -
resource
ubuntu2204-amd64-20240611-en -
resource tags
arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system -
submitted
30-12-2024 02:08
Behavioral task
behavioral1
Sample
wkb86.elf
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
4 signatures
150 seconds
General
-
Target
wkb86.elf
-
Size
113KB
-
MD5
ec4d3b9be60373ba321b521625ab426f
-
SHA1
568c9d4dfd69bca44145fad56d4bfc05c4019df2
-
SHA256
20cf7c5d9e847564dedbd5374bf3909ee98ee52a5f3e99fa28ab45c0ef9ff008
-
SHA512
25ad0359311e97ce017d88e60e490ec8fefdfe6a0af95d51db6102c07b44024f9618a53a779b20607741e68d6e7b8d470b1aecddf89e574ff0004f2a0d42f80f
-
SSDEEP
3072:qQqD7K0a4sqPEd6WbkGITR+c7NIAhL2DsPcQsYs:3qXKz45q6WbVAl+kcQJs
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 1589 wkb86.elf -
Enumerates running processes
Discovers information about currently running processes on the system
-
Changes its process name 1 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself httpd 1588 wkb86.elf -
description ioc Process File opened for reading /proc/5/cmdline wkb86.elf File opened for reading /proc/22/cmdline wkb86.elf File opened for reading /proc/162/cmdline wkb86.elf File opened for reading /proc/211/cmdline wkb86.elf File opened for reading /proc/399/cmdline wkb86.elf File opened for reading /proc/840/cmdline wkb86.elf File opened for reading /proc/17/cmdline wkb86.elf File opened for reading /proc/259/cmdline wkb86.elf File opened for reading /proc/590/cmdline wkb86.elf File opened for reading /proc/980/cmdline wkb86.elf File opened for reading /proc/1164/cmdline wkb86.elf File opened for reading /proc/1107/cmdline wkb86.elf File opened for reading /proc/6/cmdline wkb86.elf File opened for reading /proc/92/cmdline wkb86.elf File opened for reading /proc/118/cmdline wkb86.elf File opened for reading /proc/216/cmdline wkb86.elf File opened for reading /proc/411/cmdline wkb86.elf File opened for reading /proc/777/cmdline wkb86.elf File opened for reading /proc/8/cmdline wkb86.elf File opened for reading /proc/96/cmdline wkb86.elf File opened for reading /proc/210/cmdline wkb86.elf File opened for reading /proc/750/cmdline wkb86.elf File opened for reading /proc/1070/cmdline wkb86.elf File opened for reading /proc/89/cmdline wkb86.elf File opened for reading /proc/225/cmdline wkb86.elf File opened for reading /proc/863/cmdline wkb86.elf File opened for reading /proc/953/cmdline wkb86.elf File opened for reading /proc/27/cmdline wkb86.elf File opened for reading /proc/310/cmdline wkb86.elf File opened for reading /proc/1092/cmdline wkb86.elf File opened for reading /proc/1167/cmdline wkb86.elf File opened for reading /proc/13/cmdline wkb86.elf File opened for reading /proc/219/cmdline wkb86.elf File opened for reading /proc/602/cmdline wkb86.elf File opened for reading /proc/1056/cmdline wkb86.elf File opened for reading /proc/1074/cmdline wkb86.elf File opened for reading /proc/83/cmdline wkb86.elf File opened for reading /proc/98/cmdline wkb86.elf File opened for reading /proc/214/cmdline wkb86.elf File opened for reading /proc/223/cmdline wkb86.elf File opened for reading /proc/582/cmdline wkb86.elf File opened for reading /proc/868/cmdline wkb86.elf File opened for reading /proc/1170/cmdline wkb86.elf File opened for reading /proc/968/cmdline wkb86.elf File opened for reading /proc/1030/cmdline wkb86.elf File opened for reading /proc/7/cmdline wkb86.elf File opened for reading /proc/217/cmdline wkb86.elf File opened for reading /proc/220/cmdline wkb86.elf File opened for reading /proc/498/cmdline wkb86.elf File opened for reading /proc/520/cmdline wkb86.elf File opened for reading /proc/634/cmdline wkb86.elf File opened for reading /proc/1154/cmdline wkb86.elf File opened for reading /proc/23/cmdline wkb86.elf File opened for reading /proc/79/cmdline wkb86.elf File opened for reading /proc/405/cmdline wkb86.elf File opened for reading /proc/838/cmdline wkb86.elf File opened for reading /proc/109/cmdline wkb86.elf File opened for reading /proc/413/cmdline wkb86.elf File opened for reading /proc/669/cmdline wkb86.elf File opened for reading /proc/738/cmdline wkb86.elf File opened for reading /proc/745/cmdline wkb86.elf File opened for reading /proc/833/cmdline wkb86.elf File opened for reading /proc/1122/cmdline wkb86.elf File opened for reading /proc/11/cmdline wkb86.elf