Analysis

  • max time kernel
    130s
  • max time network
    142s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
  • submitted
    31-12-2024 13:02

General

  • Target

    Aqua.i686.elf

  • Size

    65KB

  • MD5

    a44f59525e746cd6323e3adcfbba2bf6

  • SHA1

    daaa5ffa4492890f89343f02f86b4a54f9620dd5

  • SHA256

    493d8e62473aa1253db8c265ff5577f65f4e58d8a63759c15154d3b937d02f14

  • SHA512

    65c2473b6a813e61c1918884b2db07988451f9fccfac8d7eb4ff633ec3741433c6d20341ac2dcc6bf11b89174f5f6f34194eec29d8170c4d279877b3b5ff66e3

  • SSDEEP

    1536:6ls7IFtUITcmQSqwCUBakXxn73WHs/Zd/tesn3Y9RPJQR3xjpx:6lsEFtfTHqwCUBakXViM/Zd/tes3iYx

Score
7/10

Malware Config

Signatures

  • Loads a kernel module 1 IoCs

    Loads a Linux kernel module, potentially to achieve persistence

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/Aqua.i686.elf
    /tmp/Aqua.i686.elf
    • Loads a kernel module
    • Writes file to tmp directory
    PID:2438

Network

MITRE ATT&CK Matrix

Downloads