25d8cb0ef26bd4c82292428f59fddd9378e664da42eb027a209b30db6ec857bf

Analysis

max time kernel
134s
max time network
146s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240611-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
31-12-2024 12:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aqua.x86.elf
Size

61KB
MD5

785339a085925778d164e6048a5db5db
SHA1

d5a458fda72b4e38a12d07631c198414510e9e78
SHA256

25d8cb0ef26bd4c82292428f59fddd9378e664da42eb027a209b30db6ec857bf
SHA512

5186f196d8633a7343df1b8104cc1aadc804bb8965869cc7d24ab929ea86635e32fee72b0789c1760236925dc074dae458448eb928a2aababe39b6c25d0e2466
SSDEEP

1536:hsJzVTBEV6t+sJ9b6Vc53mqmXyyIjcA3B969X81OwIO73:uJBVEV6tZ2c9mqmXy3jlBaM1D

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1389	Aqua.x86.elf

Unexpected DNS network traffic destination 1 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	206.212.246.5

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	1388	Aqua.x86.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/70/cmdline	Aqua.x86.elf
File opened for reading	/proc/105/cmdline	Aqua.x86.elf
File opened for reading	/proc/444/cmdline	Aqua.x86.elf
File opened for reading	/proc/486/cmdline	Aqua.x86.elf
File opened for reading	/proc/498/cmdline	Aqua.x86.elf
File opened for reading	/proc/19/cmdline	Aqua.x86.elf
File opened for reading	/proc/102/cmdline	Aqua.x86.elf
File opened for reading	/proc/158/cmdline	Aqua.x86.elf
File opened for reading	/proc/169/cmdline	Aqua.x86.elf
File opened for reading	/proc/201/cmdline	Aqua.x86.elf
File opened for reading	/proc/497/cmdline	Aqua.x86.elf
File opened for reading	/proc/531/cmdline	Aqua.x86.elf
File opened for reading	/proc/1004/cmdline	Aqua.x86.elf
File opened for reading	/proc/18/cmdline	Aqua.x86.elf
File opened for reading	/proc/1080/cmdline	Aqua.x86.elf
File opened for reading	/proc/14/cmdline	Aqua.x86.elf
File opened for reading	/proc/84/cmdline	Aqua.x86.elf
File opened for reading	/proc/92/cmdline	Aqua.x86.elf
File opened for reading	/proc/4/cmdline	Aqua.x86.elf
File opened for reading	/proc/15/cmdline	Aqua.x86.elf
File opened for reading	/proc/24/cmdline	Aqua.x86.elf
File opened for reading	/proc/93/cmdline	Aqua.x86.elf
File opened for reading	/proc/455/cmdline	Aqua.x86.elf
File opened for reading	/proc/771/cmdline	Aqua.x86.elf
File opened for reading	/proc/2/cmdline	Aqua.x86.elf
File opened for reading	/proc/9/cmdline	Aqua.x86.elf
File opened for reading	/proc/73/cmdline	Aqua.x86.elf
File opened for reading	/proc/622/cmdline	Aqua.x86.elf
File opened for reading	/proc/965/cmdline	Aqua.x86.elf
File opened for reading	/proc/7/cmdline	Aqua.x86.elf
File opened for reading	/proc/161/cmdline	Aqua.x86.elf
File opened for reading	/proc/177/cmdline	Aqua.x86.elf
File opened for reading	/proc/269/cmdline	Aqua.x86.elf
File opened for reading	/proc/1035/cmdline	Aqua.x86.elf
File opened for reading	/proc/11/cmdline	Aqua.x86.elf
File opened for reading	/proc/88/cmdline	Aqua.x86.elf
File opened for reading	/proc/393/cmdline	Aqua.x86.elf
File opened for reading	/proc/496/cmdline	Aqua.x86.elf
File opened for reading	/proc/793/cmdline	Aqua.x86.elf
File opened for reading	/proc/1062/cmdline	Aqua.x86.elf
File opened for reading	/proc/75/cmdline	Aqua.x86.elf
File opened for reading	/proc/174/cmdline	Aqua.x86.elf
File opened for reading	/proc/1039/cmdline	Aqua.x86.elf
File opened for reading	/proc/1089/cmdline	Aqua.x86.elf
File opened for reading	/proc/77/cmdline	Aqua.x86.elf
File opened for reading	/proc/86/cmdline	Aqua.x86.elf
File opened for reading	/proc/159/cmdline	Aqua.x86.elf
File opened for reading	/proc/439/cmdline	Aqua.x86.elf
File opened for reading	/proc/16/cmdline	Aqua.x86.elf
File opened for reading	/proc/89/cmdline	Aqua.x86.elf
File opened for reading	/proc/394/cmdline	Aqua.x86.elf
File opened for reading	/proc/140/cmdline	Aqua.x86.elf
File opened for reading	/proc/71/cmdline	Aqua.x86.elf
File opened for reading	/proc/72/cmdline	Aqua.x86.elf
File opened for reading	/proc/1087/cmdline	Aqua.x86.elf
File opened for reading	/proc/8/cmdline	Aqua.x86.elf
File opened for reading	/proc/170/cmdline	Aqua.x86.elf
File opened for reading	/proc/172/cmdline	Aqua.x86.elf
File opened for reading	/proc/649/cmdline	Aqua.x86.elf
File opened for reading	/proc/947/cmdline	Aqua.x86.elf
File opened for reading	/proc/90/cmdline	Aqua.x86.elf
File opened for reading	/proc/20/cmdline	Aqua.x86.elf
File opened for reading	/proc/173/cmdline	Aqua.x86.elf
File opened for reading	/proc/175/cmdline	Aqua.x86.elf

/tmp/Aqua.x86.elf
/tmp/Aqua.x86.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:1388

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads