48b78ddbd3b8c071ec91c97dd91958dcc008cbc132b61ab2e04e719772cd5d24

Analysis

max time kernel
148s
max time network
150s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240522.1-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240522.1-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
25-12-2024 16:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aqua.i686.elf
Size

65KB
MD5

d255631d3c4baf58c938eded123dc951
SHA1

a6db6a717726302e7b6f5f0ae1d9dbb2938e6d76
SHA256

48b78ddbd3b8c071ec91c97dd91958dcc008cbc132b61ab2e04e719772cd5d24
SHA512

5d3529c9ec1ccfee3a43841b5b9876573d6ed506715ae0b569238bfc6456e2d7fb7360cdefc7d23f687473fd3534c591ef4bcc90eb1549dc0b49be1174bf5337
SSDEEP

1536:R+XkIsiWIGc8k1KDVmUx6wPqHOCjWh8GNRaCrZqfCxCEEPR:R+XvsidGyKDVmUx6wPeOVKGNRaCl+h

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1567	Aqua.i686.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	1566	Aqua.i686.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/5/cmdline	Aqua.i686.elf
File opened for reading	/proc/415/cmdline	Aqua.i686.elf
File opened for reading	/proc/1043/cmdline	Aqua.i686.elf
File opened for reading	/proc/18/cmdline	Aqua.i686.elf
File opened for reading	/proc/410/cmdline	Aqua.i686.elf
File opened for reading	/proc/1125/cmdline	Aqua.i686.elf
File opened for reading	/proc/1166/cmdline	Aqua.i686.elf
File opened for reading	/proc/210/cmdline	Aqua.i686.elf
File opened for reading	/proc/699/cmdline	Aqua.i686.elf
File opened for reading	/proc/3/cmdline	Aqua.i686.elf
File opened for reading	/proc/94/cmdline	Aqua.i686.elf
File opened for reading	/proc/99/cmdline	Aqua.i686.elf
File opened for reading	/proc/204/cmdline	Aqua.i686.elf
File opened for reading	/proc/1012/cmdline	Aqua.i686.elf
File opened for reading	/proc/1116/cmdline	Aqua.i686.elf
File opened for reading	/proc/92/cmdline	Aqua.i686.elf
File opened for reading	/proc/225/cmdline	Aqua.i686.elf
File opened for reading	/proc/470/cmdline	Aqua.i686.elf
File opened for reading	/proc/952/cmdline	Aqua.i686.elf
File opened for reading	/proc/1176/cmdline	Aqua.i686.elf
File opened for reading	/proc/75/cmdline	Aqua.i686.elf
File opened for reading	/proc/82/cmdline	Aqua.i686.elf
File opened for reading	/proc/95/cmdline	Aqua.i686.elf
File opened for reading	/proc/196/cmdline	Aqua.i686.elf
File opened for reading	/proc/612/cmdline	Aqua.i686.elf
File opened for reading	/proc/763/cmdline	Aqua.i686.elf
File opened for reading	/proc/843/cmdline	Aqua.i686.elf
File opened for reading	/proc/990/cmdline	Aqua.i686.elf
File opened for reading	/proc/23/cmdline	Aqua.i686.elf
File opened for reading	/proc/91/cmdline	Aqua.i686.elf
File opened for reading	/proc/214/cmdline	Aqua.i686.elf
File opened for reading	/proc/314/cmdline	Aqua.i686.elf
File opened for reading	/proc/1153/cmdline	Aqua.i686.elf
File opened for reading	/proc/634/cmdline	Aqua.i686.elf
File opened for reading	/proc/1070/cmdline	Aqua.i686.elf
File opened for reading	/proc/1095/cmdline	Aqua.i686.elf
File opened for reading	/proc/11/cmdline	Aqua.i686.elf
File opened for reading	/proc/25/cmdline	Aqua.i686.elf
File opened for reading	/proc/89/cmdline	Aqua.i686.elf
File opened for reading	/proc/102/cmdline	Aqua.i686.elf
File opened for reading	/proc/526/cmdline	Aqua.i686.elf
File opened for reading	/proc/76/cmdline	Aqua.i686.elf
File opened for reading	/proc/77/cmdline	Aqua.i686.elf
File opened for reading	/proc/78/cmdline	Aqua.i686.elf
File opened for reading	/proc/416/cmdline	Aqua.i686.elf
File opened for reading	/proc/212/cmdline	Aqua.i686.elf
File opened for reading	/proc/761/cmdline	Aqua.i686.elf
File opened for reading	/proc/502/cmdline	Aqua.i686.elf
File opened for reading	/proc/971/cmdline	Aqua.i686.elf
File opened for reading	/proc/1037/cmdline	Aqua.i686.elf
File opened for reading	/proc/1052/cmdline	Aqua.i686.elf
File opened for reading	/proc/85/cmdline	Aqua.i686.elf
File opened for reading	/proc/98/cmdline	Aqua.i686.elf
File opened for reading	/proc/101/cmdline	Aqua.i686.elf
File opened for reading	/proc/164/cmdline	Aqua.i686.elf
File opened for reading	/proc/1133/cmdline	Aqua.i686.elf
File opened for reading	/proc/408/cmdline	Aqua.i686.elf
File opened for reading	/proc/750/cmdline	Aqua.i686.elf
File opened for reading	/proc/1055/cmdline	Aqua.i686.elf
File opened for reading	/proc/1157/cmdline	Aqua.i686.elf
File opened for reading	/proc/1173/cmdline	Aqua.i686.elf
File opened for reading	/proc/14/cmdline	Aqua.i686.elf
File opened for reading	/proc/588/cmdline	Aqua.i686.elf
File opened for reading	/proc/751/cmdline	Aqua.i686.elf

/tmp/Aqua.i686.elf
/tmp/Aqua.i686.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:1566

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads