7d61eeed1cdcfc76951119b5019a9e7a74a3aa239ae87c75ccbb643302f4b6a7 | Triage

Analysis

max time kernel
147s
max time network
158s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
15-01-2025 13:42

Sharing

Report Analysis Logs

General

Target

Aqua.arm4.elf
Size

126KB
MD5

98eae65139f85485b522eff8ee2d9025
SHA1

8f588a150392b413576e157a7ceb2a70890d6e3c
SHA256

7d61eeed1cdcfc76951119b5019a9e7a74a3aa239ae87c75ccbb643302f4b6a7
SHA512

9c695f5bbda32019e6894ed98b5bd33b3774b9a424744bfd20fdb004a33253839ceef3c0c9ee346018c9a971a3e1dfc82e02d8b9c003a74afd5a998fceffb0e9
SSDEEP

1536:7mB8RVdyVxkevKfRo2/D1f4VXwGITXumagUuO1ZejPLJHSalccwywb9q4U2Erb9V:7mpnkRog4apbumV5tkb8

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
650	Aqua.arm4.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	649	Aqua.arm4.elf

/tmp/Aqua.arm4.elf
/tmp/Aqua.arm4.elf
1⤵
- Deletes itself
- Changes its process name
PID:649

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads