8361bc3712d0e9a5df09df0f3fce016699b33996ec50bc4a75ddbec71127f9ed

Analysis

max time kernel
150s
max time network
152s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
26-01-2025 04:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aqua.arm7.elf
Size

204KB
MD5

ad9cdc44bc20120c61e41bf542552924
SHA1

d4ce210d33252ce2aa67e4e72d072e02122b4df7
SHA256

8361bc3712d0e9a5df09df0f3fce016699b33996ec50bc4a75ddbec71127f9ed
SHA512

1c8c9fe31685c09523e10e034d8fa94bb0132af1270f33c593908bee763b58d6b5df29bc89f51196ecc562bad22430e67f6393cf4a4d1f22db364e453812c5c2
SSDEEP

6144:Rdq+j3uigacvucaDxoWCZGq8kvVpM+uxGM/RzMIQ:R/j3u2aucadoWCZHP9p2xf/uIQ

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
710	Aqua.arm7.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	709	Aqua.arm7.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/22/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/stat	Aqua.arm7.elf
File opened for reading	/proc/111cx/cmdline	Aqua.arm7.elf
File opened for reading	/proc/444/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333�4/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/stat	Aqua.arm7.elf
File opened for reading	/proc/7777</stat	Aqua.arm7.elf
File opened for reading	/proc/7777</cmdline	Aqua.arm7.elf
File opened for reading	/proc/77/cmdline	Aqua.arm7.elf
File opened for reading	/proc/22/stat	Aqua.arm7.elf
File opened for reading	/proc/222m�/stat	Aqua.arm7.elf
File opened for reading	/proc/333s�/stat	Aqua.arm7.elf
File opened for reading	/proc/6666�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/555s�/stat	Aqua.arm7.elf
File opened for reading	/proc/55/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111cz/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333�4/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/stat	Aqua.arm7.elf
File opened for reading	/proc/7777</cmdline	Aqua.arm7.elf
File opened for reading	/proc/44/cmdline	Aqua.arm7.elf
File opened for reading	/proc/4444<8/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111x1/stat	Aqua.arm7.elf
File opened for reading	/proc/6666�;/stat	Aqua.arm7.elf
File opened for reading	/proc/1111�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333c5/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/stat	Aqua.arm7.elf
File opened for reading	/proc/66667;/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/stat	Aqua.arm7.elf
File opened for reading	/proc/7777</stat	Aqua.arm7.elf
File opened for reading	/proc/33/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333#5/cmdline	Aqua.arm7.elf
File opened for reading	/proc/33335/stat	Aqua.arm7.elf
File opened for reading	/proc/44447/stat	Aqua.arm7.elf
File opened for reading	/proc/77771</cmdline	Aqua.arm7.elf
File opened for reading	/proc/111up/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333s�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/44/stat	Aqua.arm7.elf
File opened for reading	/proc/6666�;/stat	Aqua.arm7.elf
File opened for reading	/proc/111h/stat	Aqua.arm7.elf
File opened for reading	/proc/222/stat	Aqua.arm7.elf
File opened for reading	/proc/222�/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/stat	Aqua.arm7.elf
File opened for reading	/proc/11/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111x1/cmdline	Aqua.arm7.elf
File opened for reading	/proc/2222R4/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/777k�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/11/stat	Aqua.arm7.elf
File opened for reading	/proc/1111�;/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/stat	Aqua.arm7.elf
File opened for reading	/proc/222l�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333�4/cmdline	Aqua.arm7.elf
File opened for reading	/proc/777/stat	Aqua.arm7.elf

/tmp/Aqua.arm7.elf
/tmp/Aqua.arm7.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:709

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads