68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9

Analysis

max time kernel
144s
max time network
150s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
09-12-2024 09:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aqua.arm7.elf
Size

214KB
MD5

e543ad9b455dc9aca86d9cada1fd9454
SHA1

fa4a260b769df0888cedbb3d0d5be7e71e93c72f
SHA256

68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9
SHA512

34051c62843aeea37c58199348a58af22f3d669feba0f281b14e9a7e0dbb50c7d193a68c1b05af8107e82ff2e392b0b030f6deaa35b1075496bb42e1232a4ccb
SSDEEP

6144:Rdq+j3uigacvucaDxoWCZGq8kvVpM+uxGM/RzMIDW:R/j3u2aucadoWCZHP9p2xf/uI6

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
709	Aqua.arm7.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	707	Aqua.arm7.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/3333�4/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111us/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111�2/cmdline	Aqua.arm7.elf
File opened for reading	/proc/2222</cmdline	Aqua.arm7.elf
File opened for reading	/proc/333s�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111 </cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333y4/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333s�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777</cmdline	Aqua.arm7.elf
File opened for reading	/proc/33/cmdline	Aqua.arm7.elf
File opened for reading	/proc/77/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222v�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222c�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/99ssi/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111c}/cmdline	Aqua.arm7.elf
File opened for reading	/proc/444s�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/4444�8/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222/cmdline	Aqua.arm7.elf
File opened for reading	/proc/2222f4/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777</cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666</cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777 </cmdline	Aqua.arm7.elf
File opened for reading	/proc/22/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111u/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111c{/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666�8/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111[0/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666</cmdline	Aqua.arm7.elf
File opened for reading	/proc/4444c7/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777</cmdline	Aqua.arm7.elf
File opened for reading	/proc/44/cmdline	Aqua.arm7.elf
File opened for reading	/proc/55/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222l�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/88/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333-5/cmdline	Aqua.arm7.elf
File opened for reading	/proc/66/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333/cmdline	Aqua.arm7.elf
File opened for reading	/proc/555k�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/777/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333385/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333G5/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222m�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333fffffff/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333�4/cmdline	Aqua.arm7.elf
File opened for reading	/proc/33335/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333D7/cmdline	Aqua.arm7.elf
File opened for reading	/proc/11/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111k/cmdline	Aqua.arm7.elf
File opened for reading	/proc/444/cmdline	Aqua.arm7.elf
File opened for reading	/proc/555/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/444d�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333�4/cmdline	Aqua.arm7.elf

/tmp/Aqua.arm7.elf
/tmp/Aqua.arm7.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:707

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads