ed71cd9ff18c0b4d79ded9c8798e5c99de85986a30a46ad25f40c4e8d6f0ce23

Analysis

max time kernel
149s
max time network
147s
platform
debian-12_armhf
resource
debian12-armhf-20240418-en
resource tags

arch:armhfimage:debian12-armhf-20240418-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
02-01-2025 23:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

250103/Aqua.arm7
Size

154KB
MD5

1021bcdbd3317439c8028eba6b621e08
SHA1

ef6f92fd8b9ce15c0af8ff379cedc6a8ffc85a36
SHA256

fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56
SHA512

168cd371ee931004406232b5692b1d3eacd53f211cb607eca5c3b0b1cba131c8328f5de74354e5fd1a062f926372497bdfb26de7cacff67b6ff78d317f14a08b
SSDEEP

3072:4f4fkx/LXeakFSesMI4oaZrS3FSO/DiEMmM/9nhJ+z+:4f4cx/7eakFSesMVoT3ESDiExM/93+a

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
730	Aqua.arm7

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	726	Aqua.arm7

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/222�/cmdline	Aqua.arm7
File opened for reading	/proc/333/stat	Aqua.arm7
File opened for reading	/proc/7777)</stat	Aqua.arm7
File opened for reading	/proc/7777e</stat	Aqua.arm7
File opened for reading	/proc/7777�</stat	Aqua.arm7
File opened for reading	/proc/1111�/stat	Aqua.arm7
File opened for reading	/proc/6666�;/stat	Aqua.arm7
File opened for reading	/proc/11/stat	Aqua.arm7
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7
File opened for reading	/proc/333s�/cmdline	Aqua.arm7
File opened for reading	/proc/3333�4/cmdline	Aqua.arm7
File opened for reading	/proc/3333fffffff/stat	Aqua.arm7
File opened for reading	/proc/7777�;/stat	Aqua.arm7
File opened for reading	/proc/222l�/cmdline	Aqua.arm7
File opened for reading	/proc/7777(</stat	Aqua.arm7
File opened for reading	/proc/7777=/cmdline	Aqua.arm7
File opened for reading	/proc/6666�:/cmdline	Aqua.arm7
File opened for reading	/proc/3333u5/stat	Aqua.arm7
File opened for reading	/proc/7777�;/stat	Aqua.arm7
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7
File opened for reading	/proc/7777=/cmdline	Aqua.arm7
File opened for reading	/proc/1111�2/cmdline	Aqua.arm7
File opened for reading	/proc/7777:</cmdline	Aqua.arm7
File opened for reading	/proc/222�/cmdline	Aqua.arm7
File opened for reading	/proc/444/stat	Aqua.arm7
File opened for reading	/proc/7777�</cmdline	Aqua.arm7
File opened for reading	/proc/7777�;/stat	Aqua.arm7
File opened for reading	/proc/7777%</cmdline	Aqua.arm7
File opened for reading	/proc/7777d</cmdline	Aqua.arm7
File opened for reading	/proc/7777�</cmdline	Aqua.arm7
File opened for reading	/proc/33335/stat	Aqua.arm7
File opened for reading	/proc/6666�8/stat	Aqua.arm7
File opened for reading	/proc/7777%</stat	Aqua.arm7
File opened for reading	/proc/7777�</cmdline	Aqua.arm7
File opened for reading	/proc/8888�</stat	Aqua.arm7
File opened for reading	/proc/222�/stat	Aqua.arm7
File opened for reading	/proc/7777�</stat	Aqua.arm7
File opened for reading	/proc/222�/stat	Aqua.arm7
File opened for reading	/proc/222l�/stat	Aqua.arm7
File opened for reading	/proc/7777 </cmdline	Aqua.arm7
File opened for reading	/proc/777k�/cmdline	Aqua.arm7
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7
File opened for reading	/proc/7777</cmdline	Aqua.arm7
File opened for reading	/proc/6666�7/cmdline	Aqua.arm7
File opened for reading	/proc/444d�/stat	Aqua.arm7
File opened for reading	/proc/6666�;/stat	Aqua.arm7
File opened for reading	/proc/7777$</stat	Aqua.arm7
File opened for reading	/proc/7777)</cmdline	Aqua.arm7
File opened for reading	/proc/111c~/cmdline	Aqua.arm7
File opened for reading	/proc/7777�;/stat	Aqua.arm7
File opened for reading	/proc/8888�</cmdline	Aqua.arm7
File opened for reading	/proc/1111]0/cmdline	Aqua.arm7
File opened for reading	/proc/6666�8/cmdline	Aqua.arm7
File opened for reading	/proc/6666�;/cmdline	Aqua.arm7
File opened for reading	/proc/44/stat	Aqua.arm7
File opened for reading	/proc/111ut/stat	Aqua.arm7
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7
File opened for reading	/proc/1111�;/cmdline	Aqua.arm7
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7
File opened for reading	/proc/7777/stat	Aqua.arm7
File opened for reading	/proc/7777 </stat	Aqua.arm7
File opened for reading	/proc/2222�3/cmdline	Aqua.arm7
File opened for reading	/proc/3333�4/cmdline	Aqua.arm7
File opened for reading	/proc/7777�</stat	Aqua.arm7

/tmp/250103/Aqua.arm7
/tmp/250103/Aqua.arm7
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:726

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads