fd582bdfee1354e819d3d5c52d34b2ac32ed0497c88410717943a337cd4f4fc9 | Triage

Analysis

max time kernel
134s
max time network
143s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
15-01-2025 13:43

Sharing

Report Analysis Logs

General

Target

Aqua.arm7.elf
Size

138KB
MD5

9a7346a4a07a4fe744cb28b4e5373ef5
SHA1

e09b0fe82ecd8d05b33a71aa9cad8bce2f56830f
SHA256

fd582bdfee1354e819d3d5c52d34b2ac32ed0497c88410717943a337cd4f4fc9
SHA512

1ac95ea97a0f30609c3e04eb18e6808fde7f4e0a85669fb981b8378dded2266b6a74f34ac067617daca0582658c34e86a90e855b1b33ed8afc7fd829104ea4de
SSDEEP

3072:20vAPHlbfdqaYDavTmwWpSI9yeiBhAM/9ZIPuZVFJ:20vAPHFVqaYDavTfWLyeiBqM/9KWZVH

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
713	Aqua.arm7.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	711	Aqua.arm7.elf

/tmp/Aqua.arm7.elf
/tmp/Aqua.arm7.elf
1⤵
- Deletes itself
- Changes its process name
PID:711

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads