57ace9ac2d07327c5c4faeef3ee5ed06a1cc88fc19cf57d3dcee7a5931a6c522

Analysis

max time kernel
132s
max time network
155s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
23/03/2025, 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aqua.arm7.elf
Size

154KB
MD5

907f7152fd25539edb0b00a78891a0a8
SHA1

f359da80d4af92fb77ef3a15b0d8a993bd658251
SHA256

57ace9ac2d07327c5c4faeef3ee5ed06a1cc88fc19cf57d3dcee7a5931a6c522
SHA512

6b5fc6bfd7c82d4644340586cb193a8a3acacfe8b80c719b27f1a833aa4148011e0544799c480205c222c82a55977e04077e62ac99e3eac38fc83b3dfe5385b1
SSDEEP

3072:4f4f0dXLX2agFSesMQEomZrS3ZSORjiEMmM/9j5J+z+:4f4MdX72agFSesMZoX3gUjiExM/9r+a

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
649	Aqua.arm7.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	648	Aqua.arm7.elf

Reads runtime system information 60 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/2222+/cmdline	Aqua.arm7.elf
File opened for reading	/proc/5555�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/66664/cmdline	Aqua.arm7.elf
File opened for reading	/proc/66/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111m�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111c�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111&/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111)/cmdline	Aqua.arm7.elf
File opened for reading	/proc/5555�/cmdline	Aqua.arm7.elf
File opened for reading	/proc/22/cmdline	Aqua.arm7.elf
File opened for reading	/proc/44/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111�3/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111�3/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666`3/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222l�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111�3/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111�3/cmdline	Aqua.arm7.elf
File opened for reading	/proc/2222�,/cmdline	Aqua.arm7.elf
File opened for reading	/proc/66664/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222i�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/888s�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/2222�+/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333�,/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/66664/cmdline	Aqua.arm7.elf
File opened for reading	/proc/55/cmdline	Aqua.arm7.elf
File opened for reading	/proc/2222D*/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666�3/cmdline	Aqua.arm7.elf
File opened for reading	/proc/33/cmdline	Aqua.arm7.elf
File opened for reading	/proc/99/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222v�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/444s�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/33334/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666�3/cmdline	Aqua.arm7.elf
File opened for reading	/proc/77/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/2222�*/cmdline	Aqua.arm7.elf
File opened for reading	/proc/2222�*/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333�,/cmdline	Aqua.arm7.elf
File opened for reading	/proc/2222z*/cmdline	Aqua.arm7.elf
File opened for reading	/proc/3333/cmdline	Aqua.arm7.elf
File opened for reading	/proc/88ll�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/66665/cmdline	Aqua.arm7.elf
File opened for reading	/proc/66660/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111c�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222s�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/444/cmdline	Aqua.arm7.elf
File opened for reading	/proc/66664/cmdline	Aqua.arm7.elf
File opened for reading	/proc/11/cmdline	Aqua.arm7.elf
File opened for reading	/proc/111/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222/cmdline	Aqua.arm7.elf
File opened for reading	/proc/222�"/cmdline	Aqua.arm7.elf
File opened for reading	/proc/55550/cmdline	Aqua.arm7.elf
File opened for reading	/proc/66663/cmdline	Aqua.arm7.elf
File opened for reading	/proc/6666 4/cmdline	Aqua.arm7.elf
File opened for reading	/proc/1111*$/cmdline	Aqua.arm7.elf

/tmp/Aqua.arm7.elf
/tmp/Aqua.arm7.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:648

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads