597b84ba23e16b24ec17288981bbf65c84b6ba3bb07df6620378a1907692fb86

Analysis

max time kernel
134s
max time network
146s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240522.1-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240522.1-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
29-12-2024 00:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aqua.x86.elf
Size

61KB
MD5

b66696d5ebafd6e9d5eec28c3b34f33a
SHA1

791815001f0a6265d10e62a6bac244e25e679d49
SHA256

597b84ba23e16b24ec17288981bbf65c84b6ba3bb07df6620378a1907692fb86
SHA512

7ee67f9215e89922edffffee84cecd7599a2b0c85bd6f7aac9035077a0a13509b163e97c4a6eedbdabd4d958d5b99eb7f74dbb4f1336f37d6852efd1a0e436f8
SSDEEP

1536:MOf6FP7mQT9+CgAf92NJcJjtEUznSzdvPcifVd7c/4CSQ7:ff6BaQT9+EMc1tdzS9Pfn76

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1570	Aqua.x86.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	1569	Aqua.x86.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/74/cmdline	Aqua.x86.elf
File opened for reading	/proc/79/cmdline	Aqua.x86.elf
File opened for reading	/proc/83/cmdline	Aqua.x86.elf
File opened for reading	/proc/588/cmdline	Aqua.x86.elf
File opened for reading	/proc/1036/cmdline	Aqua.x86.elf
File opened for reading	/proc/95/cmdline	Aqua.x86.elf
File opened for reading	/proc/204/cmdline	Aqua.x86.elf
File opened for reading	/proc/313/cmdline	Aqua.x86.elf
File opened for reading	/proc/504/cmdline	Aqua.x86.elf
File opened for reading	/proc/659/cmdline	Aqua.x86.elf
File opened for reading	/proc/944/cmdline	Aqua.x86.elf
File opened for reading	/proc/6/cmdline	Aqua.x86.elf
File opened for reading	/proc/17/cmdline	Aqua.x86.elf
File opened for reading	/proc/23/cmdline	Aqua.x86.elf
File opened for reading	/proc/210/cmdline	Aqua.x86.elf
File opened for reading	/proc/739/cmdline	Aqua.x86.elf
File opened for reading	/proc/81/cmdline	Aqua.x86.elf
File opened for reading	/proc/88/cmdline	Aqua.x86.elf
File opened for reading	/proc/428/cmdline	Aqua.x86.elf
File opened for reading	/proc/531/cmdline	Aqua.x86.elf
File opened for reading	/proc/410/cmdline	Aqua.x86.elf
File opened for reading	/proc/593/cmdline	Aqua.x86.elf
File opened for reading	/proc/836/cmdline	Aqua.x86.elf
File opened for reading	/proc/24/cmdline	Aqua.x86.elf
File opened for reading	/proc/506/cmdline	Aqua.x86.elf
File opened for reading	/proc/586/cmdline	Aqua.x86.elf
File opened for reading	/proc/713/cmdline	Aqua.x86.elf
File opened for reading	/proc/1016/cmdline	Aqua.x86.elf
File opened for reading	/proc/97/cmdline	Aqua.x86.elf
File opened for reading	/proc/219/cmdline	Aqua.x86.elf
File opened for reading	/proc/1120/cmdline	Aqua.x86.elf
File opened for reading	/proc/77/cmdline	Aqua.x86.elf
File opened for reading	/proc/985/cmdline	Aqua.x86.elf
File opened for reading	/proc/7/cmdline	Aqua.x86.elf
File opened for reading	/proc/20/cmdline	Aqua.x86.elf
File opened for reading	/proc/96/cmdline	Aqua.x86.elf
File opened for reading	/proc/416/cmdline	Aqua.x86.elf
File opened for reading	/proc/5/cmdline	Aqua.x86.elf
File opened for reading	/proc/85/cmdline	Aqua.x86.elf
File opened for reading	/proc/101/cmdline	Aqua.x86.elf
File opened for reading	/proc/119/cmdline	Aqua.x86.elf
File opened for reading	/proc/212/cmdline	Aqua.x86.elf
File opened for reading	/proc/414/cmdline	Aqua.x86.elf
File opened for reading	/proc/451/cmdline	Aqua.x86.elf
File opened for reading	/proc/99/cmdline	Aqua.x86.elf
File opened for reading	/proc/159/cmdline	Aqua.x86.elf
File opened for reading	/proc/412/cmdline	Aqua.x86.elf
File opened for reading	/proc/1171/cmdline	Aqua.x86.elf
File opened for reading	/proc/86/cmdline	Aqua.x86.elf
File opened for reading	/proc/262/cmdline	Aqua.x86.elf
File opened for reading	/proc/589/cmdline	Aqua.x86.elf
File opened for reading	/proc/950/cmdline	Aqua.x86.elf
File opened for reading	/proc/408/cmdline	Aqua.x86.elf
File opened for reading	/proc/585/cmdline	Aqua.x86.elf
File opened for reading	/proc/965/cmdline	Aqua.x86.elf
File opened for reading	/proc/1175/cmdline	Aqua.x86.elf
File opened for reading	/proc/1100/cmdline	Aqua.x86.elf
File opened for reading	/proc/15/cmdline	Aqua.x86.elf
File opened for reading	/proc/22/cmdline	Aqua.x86.elf
File opened for reading	/proc/25/cmdline	Aqua.x86.elf
File opened for reading	/proc/92/cmdline	Aqua.x86.elf
File opened for reading	/proc/94/cmdline	Aqua.x86.elf
File opened for reading	/proc/655/cmdline	Aqua.x86.elf
File opened for reading	/proc/1047/cmdline	Aqua.x86.elf

/tmp/Aqua.x86.elf
/tmp/Aqua.x86.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:1569

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads