f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049

Analysis

max time kernel
150s
max time network
155s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
29-12-2024 15:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aqua.arm7.elf
Size

153KB
MD5

20929309199e4b8bbca4899ac02edd16
SHA1

f47314762d0084b305a4147e3224b66380131a10
SHA256

f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049
SHA512

3bbf566b0545f22bcd2c7bf87c685891d3c2369d14e0e6ea90a8559b778b8197e358aaa64b46e0cff4714810f5cea71d21e2da0c8f249de6cffdf97dffd79caf
SSDEEP

3072:30MUdehIVNTkaGGiuM1BB6+5rhW+cq/Ma/mCGM/9zODF9z+:30MUMhWdkaGGiuM1D6gWdGMa/mrM/9GK

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
707	Aqua.arm7.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	705	Aqua.arm7.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/222v�/stat	Aqua.arm7.elf
File opened for reading	/proc/333�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666h;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/2222X;/stat	Aqua.arm7.elf
File opened for reading	/proc/6666h;/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222/stat	Aqua.arm7.elf
File opened for reading	/proc/3333�4/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/444d�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333385/stat	Aqua.arm7.elf
File opened for reading	/proc/3333M5/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222v�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666g;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/55/stat	Aqua.arm7.elf
File opened for reading	/proc/111ul/stat	Aqua.arm7.elf
File opened for reading	/proc/444d�/stat	Aqua.arm7.elf
File opened for reading	/proc/555s�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/444s�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333�6/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777k;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666;/stat	Aqua.arm7.elf
File opened for reading	/proc/99ssb/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111ul/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333s�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333s�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111W0/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222cx/stat	Aqua.arm7.elf
File opened for reading	/proc/444d�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111d/stat	Aqua.arm7.elf
File opened for reading	/proc/222l~/stat	Aqua.arm7.elf
File opened for reading	/proc/11/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222m�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333s�/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222m�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/stat	Aqua.arm7.elf
File opened for reading	/proc/222l~/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333�/stat	Aqua.arm7.elf
File opened for reading	/proc/555/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222m�/stat	Aqua.arm7.elf
File opened for reading	/proc/33/stat	Aqua.arm7.elf
File opened for reading	/proc/6666;/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/444/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333@5/stat	Aqua.arm7.elf
File opened for reading	/proc/3333�6/stat	Aqua.arm7.elf
File opened for reading	/proc/7777O;/stat	Aqua.arm7.elf
File opened for reading	/proc/222z/cmdline	Aqua.arm7.elf

/tmp/Aqua.arm7.elf
/tmp/Aqua.arm7.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:705

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads