Overview
overview
10Static
static
10250103/Aqua.arm4
debian-12-armhf
1250103/Aqua.arm5
debian-9-armhf
7250103/Aqua.arm6
debian-9-armhf
1250103/Aqua.arm7
debian-12-armhf
7250103/Aqua.i686
ubuntu-22.04-amd64
7250103/Aqua.m68k
ubuntu-18.04-amd64
250103/Aqua.m68k
debian-9-armhf
250103/Aqua.m68k
debian-9-mips
250103/Aqua.m68k
debian-9-mipsel
250103/Aqua.mips
debian-9-mips
7250103/Aqua.mips.1
debian-9-mips
7250103/Aqua.mpsl
debian-12-mipsel
250103/Aqua.ppc
ubuntu-18.04-amd64
250103/Aqua.ppc
debian-9-armhf
250103/Aqua.ppc
debian-9-mips
250103/Aqua.ppc
debian-9-mipsel
250103/Aqua.sh4
ubuntu-18.04-amd64
250103/Aqua.sh4
debian-9-armhf
250103/Aqua.sh4
debian-9-mips
250103/Aqua.sh4
debian-9-mipsel
250103/Aqua.x86
ubuntu-20.04-amd64
7250103/Aqua.x86_64
ubuntu-22.04-amd64
7250103/random.sh
windows7-x64
3250103/random.sh
windows10-2004-x64
3250103/rmod.sh
windows7-x64
3250103/rmod.sh
windows10-2004-x64
3Analysis
-
max time kernel
139s -
max time network
137s -
platform
debian-9_armhf -
resource
debian9-armhf-20240418-en -
resource tags
arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
02-01-2025 23:56
Behavioral task
behavioral1
Sample
250103/Aqua.arm4
Resource
debian12-armhf-20240221-en
debian-12-armhf
Behavioral task
behavioral2
Sample
250103/Aqua.arm5
Resource
debian9-armhf-20240418-en
debian-9-armhf
Behavioral task
behavioral3
Sample
250103/Aqua.arm6
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral4
Sample
250103/Aqua.arm7
Resource
debian12-armhf-20240418-en
debian-12-armhf
Behavioral task
behavioral5
Sample
250103/Aqua.i686
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
Behavioral task
behavioral6
Sample
250103/Aqua.m68k
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral7
Sample
250103/Aqua.m68k
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral8
Sample
250103/Aqua.m68k
Resource
debian9-mipsbe-20240418-en
debian-9-mips
Behavioral task
behavioral9
Sample
250103/Aqua.m68k
Resource
debian9-mipsel-20240729-en
debian-9-mipsel
Behavioral task
behavioral10
Sample
250103/Aqua.mips
Resource
debian9-mipsbe-20240611-en
debian-9-mips
Behavioral task
behavioral11
Sample
250103/Aqua.mips.1
Resource
debian9-mipsbe-20240611-en
debian-9-mips
Behavioral task
behavioral12
Sample
250103/Aqua.mpsl
Resource
debian12-mipsel-20240221-en
debian-12-mipsel
Behavioral task
behavioral13
Sample
250103/Aqua.ppc
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral14
Sample
250103/Aqua.ppc
Resource
debian9-armhf-20240418-en
debian-9-armhf
Behavioral task
behavioral15
Sample
250103/Aqua.ppc
Resource
debian9-mipsbe-20240611-en
debian-9-mips
Behavioral task
behavioral16
Sample
250103/Aqua.ppc
Resource
debian9-mipsel-20240729-en
debian-9-mipsel
Behavioral task
behavioral17
Sample
250103/Aqua.sh4
Resource
ubuntu1804-amd64-20240729-en
ubuntu-18.04-amd64
Behavioral task
behavioral18
Sample
250103/Aqua.sh4
Resource
debian9-armhf-20240418-en
debian-9-armhf
Behavioral task
behavioral19
Sample
250103/Aqua.sh4
Resource
debian9-mipsbe-20240611-en
debian-9-mips
Behavioral task
behavioral20
Sample
250103/Aqua.sh4
Resource
debian9-mipsel-20240611-en
debian-9-mipsel
Behavioral task
behavioral21
Sample
250103/Aqua.x86
Resource
ubuntu2004-amd64-20241127-en
ubuntu-20.04-amd64
Behavioral task
behavioral22
Sample
250103/Aqua.x86_64
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
Behavioral task
behavioral23
Sample
250103/random.sh
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral24
Sample
250103/random.sh
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
250103/rmod.sh
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral26
Sample
250103/rmod.sh
Resource
win10v2004-20241007-en
windows10-2004-x64
General
-
Target
250103/Aqua.arm5
-
Size
73KB
-
MD5
a81b3e1b08e1dd38ed320248960f0a22
-
SHA1
e6caa95820ed9a3ac2721bb35d5141b95f58bb6f
-
SHA256
2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e
-
SHA512
5b492fd9d7023140c05e1160e5b8b911e20a7b560942a348cce369d79d72e715c22f84bd21b050cca9a341967dc3305c3e3cb517ebecce8b8bd12dab2a651a82
-
SSDEEP
1536:0ywMg00kq9ASzNW1vUTYM5ONh5TmM0FHzwUhIuSim:0ywWjSgvUUbw5zD2
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 641 Aqua.arm5 -
Enumerates running processes
Discovers information about currently running processes on the system
-
Changes its process name 1 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself httpd 640 Aqua.arm5 -
description ioc Process File opened for reading /proc/138/cmdline Aqua.arm5 File opened for reading /proc/4/cmdline Aqua.arm5 File opened for reading /proc/14/cmdline Aqua.arm5 File opened for reading /proc/21/cmdline Aqua.arm5 File opened for reading /proc/42/cmdline Aqua.arm5 File opened for reading /proc/15/cmdline Aqua.arm5 File opened for reading /proc/25/cmdline Aqua.arm5 File opened for reading /proc/318/cmdline Aqua.arm5 File opened for reading /proc/591/cmdline Aqua.arm5 File opened for reading /proc/149/cmdline Aqua.arm5 File opened for reading /proc/276/cmdline Aqua.arm5 File opened for reading /proc/5/cmdline Aqua.arm5 File opened for reading /proc/7/cmdline Aqua.arm5 File opened for reading /proc/12/cmdline Aqua.arm5 File opened for reading /proc/81/cmdline Aqua.arm5 File opened for reading /proc/571/cmdline Aqua.arm5 File opened for reading /proc/13/cmdline Aqua.arm5 File opened for reading /proc/18/cmdline Aqua.arm5 File opened for reading /proc/27/cmdline Aqua.arm5 File opened for reading /proc/278/cmdline Aqua.arm5 File opened for reading /proc/11/cmdline Aqua.arm5 File opened for reading /proc/588/cmdline Aqua.arm5 File opened for reading /proc/3/cmdline Aqua.arm5 File opened for reading /proc/24/cmdline Aqua.arm5 File opened for reading /proc/110/cmdline Aqua.arm5 File opened for reading /proc/292/cmdline Aqua.arm5 File opened for reading /proc/103/cmdline Aqua.arm5 File opened for reading /proc/8/cmdline Aqua.arm5 File opened for reading /proc/16/cmdline Aqua.arm5 File opened for reading /proc/17/cmdline Aqua.arm5 File opened for reading /proc/23/cmdline Aqua.arm5 File opened for reading /proc/43/cmdline Aqua.arm5 File opened for reading /proc/142/cmdline Aqua.arm5 File opened for reading /proc/289/cmdline Aqua.arm5 File opened for reading /proc/10/cmdline Aqua.arm5 File opened for reading /proc/26/cmdline Aqua.arm5 File opened for reading /proc/306/cmdline Aqua.arm5 File opened for reading /proc/22/cmdline Aqua.arm5 File opened for reading /proc/587/cmdline Aqua.arm5 File opened for reading /proc/19/cmdline Aqua.arm5 File opened for reading /proc/223/cmdline Aqua.arm5 File opened for reading /proc/271/cmdline Aqua.arm5 File opened for reading /proc/274/cmdline Aqua.arm5 File opened for reading /proc/6/cmdline Aqua.arm5 File opened for reading /proc/29/cmdline Aqua.arm5 File opened for reading /proc/112/cmdline Aqua.arm5 File opened for reading /proc/273/cmdline Aqua.arm5 File opened for reading /proc/113/cmdline Aqua.arm5 File opened for reading /proc/152/cmdline Aqua.arm5 File opened for reading /proc/170/cmdline Aqua.arm5 File opened for reading /proc/308/cmdline Aqua.arm5 File opened for reading /proc/2/cmdline Aqua.arm5 File opened for reading /proc/20/cmdline Aqua.arm5 File opened for reading /proc/28/cmdline Aqua.arm5 File opened for reading /proc/9/cmdline Aqua.arm5 File opened for reading /proc/41/cmdline Aqua.arm5 File opened for reading /proc/161/cmdline Aqua.arm5