c6ef2f81f20d24cbf71667066124ada305803f14ef68c0862e8756d491b1e4c1

Analysis

max time kernel
150s
max time network
154s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
07-02-2025 09:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aqua.arm7.elf
Size

153KB
MD5

c7cd16754ca51abdee292b0497ee078e
SHA1

346e47ca289baa05766e6ebe3b294525d7a51cdd
SHA256

c6ef2f81f20d24cbf71667066124ada305803f14ef68c0862e8756d491b1e4c1
SHA512

89322912c9e39ef8a5559898832c8b8e09b45f171d39a3575b742e4c236b86531194e2ec7ab20c40a1d35215e5ccd96e320d1b6ab63550903ff6caa4c0a635c7
SSDEEP

3072:30MUdehIVNTkaGGiuM1BB6+5rhW+cqbMa/mCGM/9zODF9z+:30MUMhWdkaGGiuM1D6gWd6Ma/mrM/9GK

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
709	Aqua.arm7.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	708	Aqua.arm7.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/555k�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333s�/stat	Aqua.arm7.elf
File opened for reading	/proc/1111�;/stat	Aqua.arm7.elf
File opened for reading	/proc/6666i;/stat	Aqua.arm7.elf
File opened for reading	/proc/222m�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/99/stat	Aqua.arm7.elf
File opened for reading	/proc/222�/stat	Aqua.arm7.elf
File opened for reading	/proc/88/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/stat	Aqua.arm7.elf
File opened for reading	/proc/7777</cmdline	Aqua.arm7.elf
File opened for reading	/proc/333�/stat	Aqua.arm7.elf
File opened for reading	/proc/3333F5/cmdline	Aqua.arm7.elf
File opened for reading	/proc/99ssj/stat	Aqua.arm7.elf
File opened for reading	/proc/444d�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222v�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222c�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/2222n4/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111141/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333s�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333u4/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/stat	Aqua.arm7.elf
File opened for reading	/proc/77777</stat	Aqua.arm7.elf
File opened for reading	/proc/111sl/cmdline	Aqua.arm7.elf
File opened for reading	/proc/66/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222�/stat	Aqua.arm7.elf
File opened for reading	/proc/7777'</cmdline	Aqua.arm7.elf
File opened for reading	/proc/77776</cmdline	Aqua.arm7.elf
File opened for reading	/proc/111x/cmdline	Aqua.arm7.elf
File opened for reading	/proc/5555R8/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333fffffff/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/stat	Aqua.arm7.elf
File opened for reading	/proc/7777</stat	Aqua.arm7.elf
File opened for reading	/proc/222m�/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/11/cmdline	Aqua.arm7.elf
File opened for reading	/proc/55/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333s�/stat	Aqua.arm7.elf
File opened for reading	/proc/777/stat	Aqua.arm7.elf
File opened for reading	/proc/77/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666;;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333�/stat	Aqua.arm7.elf
File opened for reading	/proc/5555�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/333�/stat	Aqua.arm7.elf
File opened for reading	/proc/777k�/stat	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/7777�;/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333�4/stat	Aqua.arm7.elf
File opened for reading	/proc/3333�6/stat	Aqua.arm7.elf
File opened for reading	/proc/222m�/stat	Aqua.arm7.elf
File opened for reading	/proc/555s�/stat	Aqua.arm7.elf
File opened for reading	/proc/1111�/stat	Aqua.arm7.elf
File opened for reading	/proc/2222n4/stat	Aqua.arm7.elf
File opened for reading	/proc/333c�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111c~/stat	Aqua.arm7.elf
File opened for reading	/proc/444s�/stat	Aqua.arm7.elf
File opened for reading	/proc/555/stat	Aqua.arm7.elf
File opened for reading	/proc/444d�/stat	Aqua.arm7.elf

/tmp/Aqua.arm7.elf
/tmp/Aqua.arm7.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:708

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads