43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681

Analysis

max time kernel
130s
max time network
141s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
31-12-2024 11:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aqua.dbg.elf
Size

74KB
MD5

bf9a68b74e954fc383f737c45d290153
SHA1

1bffc9795d707c833e826aa8ed66d6dc4539b82c
SHA256

43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681
SHA512

2f49132a3b7475c77bef156f2f96aba6ee7fdb42c4377e72461c79e4e40722bd0c3bbb591fb0c2b63d80bdc826c2fffd5b2311a12d0b1b0a1678b2418db1698c
SSDEEP

1536:wCy7rRwCMo01sMQ85CJiLBOelOi4QPFwwzxNzhwknlibBFkTVA:ly3RwCMZ1sMpKwBOelnNwWNzhDibBFU2

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2449	Aqua.dbg.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	2449	Aqua.dbg.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/14/cmdline	Aqua.dbg.elf
File opened for reading	/proc/46/cmdline	Aqua.dbg.elf
File opened for reading	/proc/754/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1897/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1117/cmdline	Aqua.dbg.elf
File opened for reading	/proc/15/cmdline	Aqua.dbg.elf
File opened for reading	/proc/41/cmdline	Aqua.dbg.elf
File opened for reading	/proc/235/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1047/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1073/cmdline	Aqua.dbg.elf
File opened for reading	/proc/385/cmdline	Aqua.dbg.elf
File opened for reading	/proc/432/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1806/cmdline	Aqua.dbg.elf
File opened for reading	/proc/7/cmdline	Aqua.dbg.elf
File opened for reading	/proc/29/cmdline	Aqua.dbg.elf
File opened for reading	/proc/47/cmdline	Aqua.dbg.elf
File opened for reading	/proc/56/cmdline	Aqua.dbg.elf
File opened for reading	/proc/274/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1920/cmdline	Aqua.dbg.elf
File opened for reading	/proc/63/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1333/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1644/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1775/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1892/cmdline	Aqua.dbg.elf
File opened for reading	/proc/275/cmdline	Aqua.dbg.elf
File opened for reading	/proc/728/cmdline	Aqua.dbg.elf
File opened for reading	/proc/23/cmdline	Aqua.dbg.elf
File opened for reading	/proc/27/cmdline	Aqua.dbg.elf
File opened for reading	/proc/28/cmdline	Aqua.dbg.elf
File opened for reading	/proc/193/cmdline	Aqua.dbg.elf
File opened for reading	/proc/197/cmdline	Aqua.dbg.elf
File opened for reading	/proc/31/cmdline	Aqua.dbg.elf
File opened for reading	/proc/510/cmdline	Aqua.dbg.elf
File opened for reading	/proc/743/cmdline	Aqua.dbg.elf
File opened for reading	/proc/786/cmdline	Aqua.dbg.elf
File opened for reading	/proc/8/cmdline	Aqua.dbg.elf
File opened for reading	/proc/40/cmdline	Aqua.dbg.elf
File opened for reading	/proc/883/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1124/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1962/cmdline	Aqua.dbg.elf
File opened for reading	/proc/32/cmdline	Aqua.dbg.elf
File opened for reading	/proc/53/cmdline	Aqua.dbg.elf
File opened for reading	/proc/123/cmdline	Aqua.dbg.elf
File opened for reading	/proc/199/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1111/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1853/cmdline	Aqua.dbg.elf
File opened for reading	/proc/779/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1053/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1060/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1074/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1777/cmdline	Aqua.dbg.elf
File opened for reading	/proc/11/cmdline	Aqua.dbg.elf
File opened for reading	/proc/19/cmdline	Aqua.dbg.elf
File opened for reading	/proc/2/cmdline	Aqua.dbg.elf
File opened for reading	/proc/35/cmdline	Aqua.dbg.elf
File opened for reading	/proc/194/cmdline	Aqua.dbg.elf
File opened for reading	/proc/586/cmdline	Aqua.dbg.elf
File opened for reading	/proc/38/cmdline	Aqua.dbg.elf
File opened for reading	/proc/784/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1855/cmdline	Aqua.dbg.elf
File opened for reading	/proc/1916/cmdline	Aqua.dbg.elf
File opened for reading	/proc/20/cmdline	Aqua.dbg.elf
File opened for reading	/proc/54/cmdline	Aqua.dbg.elf
File opened for reading	/proc/785/cmdline	Aqua.dbg.elf

/tmp/Aqua.dbg.elf
/tmp/Aqua.dbg.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:2449

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads