d722e328e8ea43bff3ea2a6b5f14d250e387433f0a59e25af756e43d2481ace7

Analysis

max time kernel
130s
max time network
146s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
29-12-2024 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aqua.dbg.elf
Size

74KB
MD5

c9fcc13930fd293fa7bfb21b09b24864
SHA1

e4e55b20c9bd4ef19f3f5b224432bdba65ea9df5
SHA256

d722e328e8ea43bff3ea2a6b5f14d250e387433f0a59e25af756e43d2481ace7
SHA512

481e2429751b59c1a6877f8ab19a134fb90f227ea2e8fc17afdd424003377f9fa0c507b5c1f9d439324ff1be5a7517b5efcb844efb80a6aa4213c4325b992ae8
SSDEEP

1536:KCy7rRwCMo01sMQ85CJiLBOelnX4tPFwVzMNAhwknl67mBnFkbrz:/y3RwCMZ1sMpKwBOelINweNAhD67mBFY

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2821	Aqua.dbg.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	2821	Aqua.dbg.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/3/cmdline	Aqua.dbg.elf
File opened for reading	/proc/6/cmdline	Aqua.dbg.elf
File opened for reading	/proc/9/cmdline	Aqua.dbg.elf
File opened for reading	/proc/34/cmdline	Aqua.dbg.elf
File opened for reading	/proc/42/cmdline	Aqua.dbg.elf
File opened for reading	/proc/197/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1256/cmdline	Aqua.dbg.elf
File opened for reading	/proc/48/cmdline	Aqua.dbg.elf
File opened for reading	/proc/198/cmdline	Aqua.dbg.elf
File opened for reading	/proc/795/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1111/cmdline	Aqua.dbg.elf
File opened for reading	/proc/2036/cmdline	Aqua.dbg.elf
File opened for reading	/proc/2309/cmdline	Aqua.dbg.elf
File opened for reading	/proc/2320/cmdline	Aqua.dbg.elf
File opened for reading	/proc/2128/cmdline	Aqua.dbg.elf
File opened for reading	/proc/8/cmdline	Aqua.dbg.elf
File opened for reading	/proc/80/cmdline	Aqua.dbg.elf
File opened for reading	/proc/189/cmdline	Aqua.dbg.elf
File opened for reading	/proc/454/cmdline	Aqua.dbg.elf
File opened for reading	/proc/591/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1054/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1794/cmdline	Aqua.dbg.elf
File opened for reading	/proc/33/cmdline	Aqua.dbg.elf
File opened for reading	/proc/2260/cmdline	Aqua.dbg.elf
File opened for reading	/proc/2274/cmdline	Aqua.dbg.elf
File opened for reading	/proc/188/cmdline	Aqua.dbg.elf
File opened for reading	/proc/796/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1063/cmdline	Aqua.dbg.elf
File opened for reading	/proc/2038/cmdline	Aqua.dbg.elf
File opened for reading	/proc/2278/cmdline	Aqua.dbg.elf
File opened for reading	/proc/10/cmdline	Aqua.dbg.elf
File opened for reading	/proc/28/cmdline	Aqua.dbg.elf
File opened for reading	/proc/36/cmdline	Aqua.dbg.elf
File opened for reading	/proc/457/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1048/cmdline	Aqua.dbg.elf
File opened for reading	/proc/2140/cmdline	Aqua.dbg.elf
File opened for reading	/proc/2257/cmdline	Aqua.dbg.elf
File opened for reading	/proc/4/cmdline	Aqua.dbg.elf
File opened for reading	/proc/71/cmdline	Aqua.dbg.elf
File opened for reading	/proc/2148/cmdline	Aqua.dbg.elf
File opened for reading	/proc/2229/cmdline	Aqua.dbg.elf
File opened for reading	/proc/5/cmdline	Aqua.dbg.elf
File opened for reading	/proc/17/cmdline	Aqua.dbg.elf
File opened for reading	/proc/431/cmdline	Aqua.dbg.elf
File opened for reading	/proc/734/cmdline	Aqua.dbg.elf
File opened for reading	/proc/794/cmdline	Aqua.dbg.elf
File opened for reading	/proc/853/cmdline	Aqua.dbg.elf
File opened for reading	/proc/2317/cmdline	Aqua.dbg.elf
File opened for reading	/proc/32/cmdline	Aqua.dbg.elf
File opened for reading	/proc/39/cmdline	Aqua.dbg.elf
File opened for reading	/proc/55/cmdline	Aqua.dbg.elf
File opened for reading	/proc/194/cmdline	Aqua.dbg.elf
File opened for reading	/proc/510/cmdline	Aqua.dbg.elf
File opened for reading	/proc/2328/cmdline	Aqua.dbg.elf
File opened for reading	/proc/511/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1067/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1080/cmdline	Aqua.dbg.elf
File opened for reading	/proc/2181/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1068/cmdline	Aqua.dbg.elf
File opened for reading	/proc/2/cmdline	Aqua.dbg.elf
File opened for reading	/proc/7/cmdline	Aqua.dbg.elf
File opened for reading	/proc/22/cmdline	Aqua.dbg.elf
File opened for reading	/proc/57/cmdline	Aqua.dbg.elf
File opened for reading	/proc/64/cmdline	Aqua.dbg.elf

/tmp/Aqua.dbg.elf
/tmp/Aqua.dbg.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:2821

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads