General

  • Target

    Hilix.arm7

  • Size

    132KB

  • Sample

    211207-m32w8agggm

  • MD5

    19fd1ca9c1b0f5177865abbaf97705ae

  • SHA1

    079e8855091e1a6f94c83d03a734e143a45ba7c2

  • SHA256

    22d6c683122562463b531729525ac896a9afffd63dcd527ee3a9f484500b960f

  • SHA512

    a2dfba874189da740c9ad260c15ee1655e6579248305f5254595918803d6187e5da3a3a51b0bad0d9336bca4c4c8443db6521ddf099946f28aa228b002fb3ec1

Score
10/10

Malware Config

Targets

    • Target

      Hilix.arm7

    • Size

      132KB

    • MD5

      19fd1ca9c1b0f5177865abbaf97705ae

    • SHA1

      079e8855091e1a6f94c83d03a734e143a45ba7c2

    • SHA256

      22d6c683122562463b531729525ac896a9afffd63dcd527ee3a9f484500b960f

    • SHA512

      a2dfba874189da740c9ad260c15ee1655e6579248305f5254595918803d6187e5da3a3a51b0bad0d9336bca4c4c8443db6521ddf099946f28aa228b002fb3ec1

    Score
    9/10
    • Modifies the Watchdog daemon

      Malware such as Mirai modifies the watchdog daemon to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from the /proc virtual filesystem.

    • Reads system network configuration

      Uses the contents of the /proc filesystem to enumerate network settings.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Impair Defenses: T1562 (1)

  • Discovery

    System Network Connections Discovery: T1049 (1)

    System Network Configuration Discovery: T1016 (1)
