f03c5259312800f05981b5834473d64298bef4a62c733d2e962c22cef8a7e532 | Triage

Analysis

max time kernel
139s
max time network
162s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
20/03/2025, 07:27

Sharing

Report Analysis Logs

General

Target

Aqua.arm7.elf
Size

134KB
MD5

e1f863cf51d535937ef9ceb4af2f2493
SHA1

e4c4fcdd4abfc6d0cacfe5bbbbe0e4fd507d4121
SHA256

f03c5259312800f05981b5834473d64298bef4a62c733d2e962c22cef8a7e532
SHA512

440e3066fd541de6ae328acbf1d714fbb6beddb6dcc45c562a67c2a283e3146def42f14138af45d12bb58bb646f781dcd1492aa2b928f2bfa3ca39a5cd72678c
SSDEEP

3072:Km3ZVn6OB/avgTmamhNV3lhgC9fxR/zOz+M/9xLvDq3p:Km3Zws/avgTmamzV5fxR/zjM/9xLvDqZ

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
717	Aqua.arm7.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	714	Aqua.arm7.elf

/tmp/Aqua.arm7.elf
/tmp/Aqua.arm7.elf
1⤵
- Deletes itself
- Changes its process name
PID:714

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads