471ea8978d65fe10135eab3d50bfbb37efe60f2f2b7b516adf39d9606778e0ca

Analysis

max time kernel
143s
max time network
155s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
25-01-2025 04:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aqua.arm7.elf
Size

205KB
MD5

f6d3cb6d06fb441fb026c0bcce8b0ae4
SHA1

3e478220c7d4d230f484e613bc757ec88d442550
SHA256

471ea8978d65fe10135eab3d50bfbb37efe60f2f2b7b516adf39d9606778e0ca
SHA512

566dd976e4af1036efd7c2a5ee63416ada04ae3ab579c0238b6620250e15ec639b0364d81cc80f1aefcaa7d9d1e72eba6846462e3bb712f811d4cb90a3368cab
SSDEEP

6144:Rdq+j3uigacvucaDxoWCZGq8kvVpM+uxGM/RzMIu:R/j3u2aucadoWCZHP9p2xf/uIu

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
714	Aqua.arm7.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	712	Aqua.arm7.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/333s�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/555k�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111Y0/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333t4/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111l/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333/cmdline	Aqua.arm7.elf
File opened for reading	/proc/2222T4/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333�4/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/77/cmdline	Aqua.arm7.elf
File opened for reading	/proc/444/cmdline	Aqua.arm7.elf
File opened for reading	/proc/2222�2/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777&</cmdline	Aqua.arm7.elf
File opened for reading	/proc/333�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/4444#8/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666t;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111c\|/cmdline	Aqua.arm7.elf
File opened for reading	/proc/33335/cmdline	Aqua.arm7.elf
File opened for reading	/proc/5555?8/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222v�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111</cmdline	Aqua.arm7.elf
File opened for reading	/proc/33335/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111v/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333s�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/5555"</cmdline	Aqua.arm7.elf
File opened for reading	/proc/22/cmdline	Aqua.arm7.elf
File opened for reading	/proc/777/cmdline	Aqua.arm7.elf
File opened for reading	/proc/4444�6/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777</cmdline	Aqua.arm7.elf
File opened for reading	/proc/444s�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111ut/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222l�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/33335/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777%</cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777</cmdline	Aqua.arm7.elf
File opened for reading	/proc/55/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333f5/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777$</cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777'</cmdline	Aqua.arm7.elf
File opened for reading	/proc/222c�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333�4/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/88/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111c~/cmdline	Aqua.arm7.elf
File opened for reading	/proc/2222�3/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777 </cmdline	Aqua.arm7.elf
File opened for reading	/proc/44/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222m�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/555/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333fffffff/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666#</cmdline	Aqua.arm7.elf
File opened for reading	/proc/11/cmdline	Aqua.arm7.elf
File opened for reading	/proc/99ssj/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333�6/cmdline	Aqua.arm7.elf
File opened for reading	/proc/66/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222�/cmdline	Aqua.arm7.elf

/tmp/Aqua.arm7.elf
/tmp/Aqua.arm7.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:712

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads