71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2

Analysis

max time kernel
150s
max time network
146s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
06-12-2024 10:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aqua.arm7.elf
Size

216KB
MD5

a838a51cfee62f7282043699912f0d02
SHA1

94b755819285a51b28b7a0b130ccf75407bd78fb
SHA256

71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2
SHA512

b695ef3034130188b68a70bdc4101d25a80338beaf96324774c30618f0d2327c00d2b9d44dec8ca55fa11d70f989ab6995da3f314b802fc9186c8c38b504631b
SSDEEP

6144:Rdq+j3uigacvucaDxoWCZGq8kvVpM+uxGM/RzMIDN:R/j3u2aucadoWCZHP9p2xf/uIB

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
646	Aqua.arm7.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	645	Aqua.arm7.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/1111�#/cmdline	Aqua.arm7.elf
File opened for reading	/proc/77775/cmdline	Aqua.arm7.elf
File opened for reading	/proc/2222X,/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666�:/stat	Aqua.arm7.elf
File opened for reading	/proc/222v�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/999s�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/77772/cmdline	Aqua.arm7.elf
File opened for reading	/proc/2222z,/cmdline	Aqua.arm7.elf
File opened for reading	/proc/66666/cmdline	Aqua.arm7.elf
File opened for reading	/proc/77776/stat	Aqua.arm7.elf
File opened for reading	/proc/77776/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�6/cmdline	Aqua.arm7.elf
File opened for reading	/proc/77774/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666�9/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666�5/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�5/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�6/stat	Aqua.arm7.elf
File opened for reading	/proc/111�"/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�5/cmdline	Aqua.arm7.elf
File opened for reading	/proc/66664/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222v�"/stat	Aqua.arm7.elf
File opened for reading	/proc/66664/stat	Aqua.arm7.elf
File opened for reading	/proc/6666�4/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666�4/stat	Aqua.arm7.elf
File opened for reading	/proc/66665/cmdline	Aqua.arm7.elf
File opened for reading	/proc/77776/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�6/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666�7/stat	Aqua.arm7.elf
File opened for reading	/proc/222v�"/stat	Aqua.arm7.elf
File opened for reading	/proc/6666X5/stat	Aqua.arm7.elf
File opened for reading	/proc/77775/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�5/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/99/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�6/stat	Aqua.arm7.elf
File opened for reading	/proc/77777/stat	Aqua.arm7.elf
File opened for reading	/proc/6666�9/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111m�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111c�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/4444/stat	Aqua.arm7.elf
File opened for reading	/proc/666637/cmdline	Aqua.arm7.elf
File opened for reading	/proc/999�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222s�"/stat	Aqua.arm7.elf
File opened for reading	/proc/33334/stat	Aqua.arm7.elf
File opened for reading	/proc/66664/stat	Aqua.arm7.elf
File opened for reading	/proc/6666R4/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�6/stat	Aqua.arm7.elf
File opened for reading	/proc/66666/stat	Aqua.arm7.elf
File opened for reading	/proc/222�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111�3/stat	Aqua.arm7.elf
File opened for reading	/proc/3333/stat	Aqua.arm7.elf
File opened for reading	/proc/6666 4/stat	Aqua.arm7.elf
File opened for reading	/proc/77778ll�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777H6/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222l�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/44/cmdline	Aqua.arm7.elf
File opened for reading	/proc/2222H*/cmdline	Aqua.arm7.elf
File opened for reading	/proc/88ll�"/stat	Aqua.arm7.elf
File opened for reading	/proc/2222X,/stat	Aqua.arm7.elf
File opened for reading	/proc/77776/cmdline	Aqua.arm7.elf
File opened for reading	/proc/77776/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�7/stat	Aqua.arm7.elf
File opened for reading	/proc/4444/cmdline	Aqua.arm7.elf
File opened for reading	/proc/77772/stat	Aqua.arm7.elf

/tmp/Aqua.arm7.elf
/tmp/Aqua.arm7.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:645

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads