1e74bcd24e30947bd14cef6731ca63f69df060ba3dcac88b2321171335a6e8ef | Triage

Analysis

max time kernel
130s
max time network
152s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
29-12-2024 06:27

Sharing

Report Analysis Logs

General

Target

Aqua.arm7.elf
Size

134KB
MD5

33f445c61474e87d1d7cf81791a436ce
SHA1

0ddfcf6d959c662c2fd5afe534e745688e046af9
SHA256

1e74bcd24e30947bd14cef6731ca63f69df060ba3dcac88b2321171335a6e8ef
SHA512

a98e04684dbbbe0d28b01b641e065197ae8b2f54c2b45e121f8aa36675640fa9d32dc485d382b2fb854e1338b3dad1871aa949ff6d0b65e725199fe89637814c
SSDEEP

3072:i23pdf6+BnauQj2KlKRErNJtq3//zOz+M/9V83Lq3p:i23pI8nauQj2KoEG//zjM/9V83LqZ

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
657	Aqua.arm7.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	656	Aqua.arm7.elf

/tmp/Aqua.arm7.elf
/tmp/Aqua.arm7.elf
1⤵
- Deletes itself
- Changes its process name
PID:656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads