Analysis

  • max time kernel
    137s
  • max time network
    144s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20250307-en
  • resource tags

    arch:amd64 arch:i386 image:ubuntu2204-amd64-20250307-en kernel:5.15.0-105-generic locale:en-us os:ubuntu-22.04-amd64 system
  • submitted
    23/03/2025, 19:48 UTC

General

  • Target

    Aqua.x86.elf

  • Size

    61KB

  • MD5

    ae403ef91f4a5a63f9fea903f5c2a598

  • SHA1

    409ca9d7ea942a3eca0d81367ebf5d3843cd3a7a

  • SHA256

    da92f6515014f5f4ca9d22cee708f921a0a2228fdc8220cb188e2b345d9b6e69

  • SHA512

    5982ee2a78b44b85e1b9c13f613683d0c4ecefe3305e69a289c6691caa7c5f1e6a16d19b2a2593b72e92d87f723bb85144efd4f249717a8c4294d22811a928c1

  • SSDEEP

    1536:hsJzVTBEV6t+sJ9b6Vc53mr/OyucnIA3Bda9X81OwoO7R:uJBVEV6tZ2c9mr/OyfnZBaM1F

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Changes its process name 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

Network

  • flag-us
    DNS
    kumalala.cloudboats.vip
    Remote address:
    8.8.8.8:53
    Request
    kumalala.cloudboats.vip
    IN A
  • flag-us
    DNS
    kumalala.cloudboats.vip
    Remote address:
    8.8.8.8:53
    Request
    kumalala.cloudboats.vip
    IN A
    Response
    kumalala.cloudboats.vip
    IN A
    89.144.32.113
  • flag-us
    DNS
    Remote address:
    8.8.8.8:53
    Response
  • 89.190.156.145:7733
    420 B
    7
  • 89.144.32.113:33966
    kumalala.cloudboats.vip
    531 B
    303 B
    10
    5
  • 89.144.32.113:33966
    kumalala.cloudboats.vip
    809 B
    742 B
    15
    14
  • 224.0.0.251:5353
    146 B
    2
  • 8.8.8.8:53
    kumalala.cloudboats.vip
    dns
    69 B
    1

    DNS Request

    kumalala.cloudboats.vip

  • 8.8.8.8:53
    kumalala.cloudboats.vip
    dns
    69 B
    85 B
    1
    1

    DNS Request

    kumalala.cloudboats.vip

    DNS Response

    89.144.32.113

  • 8.8.8.8:53
    dns
    70 B
    40 B
    1
    1
  • 8.8.8.8:53
    dns
    70 B
    40 B
    1
    1
  • 8.8.8.8:53
    dns
    70 B
    40 B
    1
    1
  • 8.8.8.8:53
    dns
    70 B
    40 B
    1
    1
  • 8.8.8.8:53
    dns
    70 B
    40 B
    1
    1
  • 8.8.8.8:53
    dns
    69 B
    40 B
    1
    1
  • 8.8.8.8:53
    dns
    69 B
    1
  • 8.8.8.8:53
    dns
    69 B
    40 B
    1
    1
  • 8.8.8.8:53
    dns
    69 B
    40 B
    1
    1
  • 8.8.8.8:53
    dns
    69 B
    40 B
    1
    1
  • 8.8.8.8:53
    dns
    70 B
    1
  • 8.8.8.8:53
    dns
    70 B
    40 B
    1
    1
  • 8.8.8.8:53
    dns
    70 B
    40 B
    1
    1
  • 8.8.8.8:53
    dns
    70 B
    40 B
    1
    1
  • 8.8.8.8:53
    dns
    70 B
    40 B
    1
    1

MITRE ATT&CK Matrix
