613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6

Analysis

max time kernel
149s
max time network
153s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
06-01-2025 08:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aqua.arm7.elf
Size

202KB
MD5

85a2e5ad0c6146c60eb6e6d758ccf4ad
SHA1

715c65aa9332ec9cfd8d0a312f0920b1bdb7eba4
SHA256

613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6
SHA512

6424ae0b9519805c7391053b8ff2179b9bb7fd0a40f4e2d7bc8970514733600d920be6c3c1c5c449f46b6fe74c57685264402ce465e534006d0b476dd6a0aaf2
SSDEEP

6144:Rdq+j3uigacvucaDxoWCZGq8kvVpM+uxGM/RzMIo:R/j3u2aucadoWCZHP9p2xf/uIo

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
715	Aqua.arm7.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	711	Aqua.arm7.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/2222Y4/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333 5/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333s5/stat	Aqua.arm7.elf
File opened for reading	/proc/6666�7/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111cz/cmdline	Aqua.arm7.elf
File opened for reading	/proc/444/cmdline	Aqua.arm7.elf
File opened for reading	/proc/33/stat	Aqua.arm7.elf
File opened for reading	/proc/111j/stat	Aqua.arm7.elf
File opened for reading	/proc/222m�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111[0/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666f;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777Z;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222�/stat	Aqua.arm7.elf
File opened for reading	/proc/222c�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666�8/cmdline	Aqua.arm7.elf
File opened for reading	/proc/444d�/stat	Aqua.arm7.elf
File opened for reading	/proc/1111�/stat	Aqua.arm7.elf
File opened for reading	/proc/7777h;/stat	Aqua.arm7.elf
File opened for reading	/proc/222�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111\;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/2222`;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/66/stat	Aqua.arm7.elf
File opened for reading	/proc/3333$5/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/66/cmdline	Aqua.arm7.elf
File opened for reading	/proc/33335/cmdline	Aqua.arm7.elf
File opened for reading	/proc/99ssh/stat	Aqua.arm7.elf
File opened for reading	/proc/7777k;/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/555/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333e;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777q;/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/555s�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666�:/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777H;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111/stat	Aqua.arm7.elf
File opened for reading	/proc/6666�8/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/stat	Aqua.arm7.elf
File opened for reading	/proc/444d�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/22/stat	Aqua.arm7.elf
File opened for reading	/proc/6666;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333�4/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/stat	Aqua.arm7.elf
File opened for reading	/proc/2222_;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333�4/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222m�/stat	Aqua.arm7.elf
File opened for reading	/proc/777k�/stat	Aqua.arm7.elf
File opened for reading	/proc/3333e;/stat	Aqua.arm7.elf
File opened for reading	/proc/11/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222l�/stat	Aqua.arm7.elf
File opened for reading	/proc/44/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333s�/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/stat	Aqua.arm7.elf
File opened for reading	/proc/222~/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333�4/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333�4/cmdline	Aqua.arm7.elf

/tmp/Aqua.arm7.elf
/tmp/Aqua.arm7.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:711

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads