22d6c683122562463b531729525ac896a9afffd63dcd527ee3a9f484500b960f

Analysis

max time kernel
0s
max time network
58s
platform
linux_armhf
resource
debian9-armhf-en-20211025
submitted
07-12-2021 11:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Hilix.arm7
Size

132KB
MD5

19fd1ca9c1b0f5177865abbaf97705ae
SHA1

079e8855091e1a6f94c83d03a734e143a45ba7c2
SHA256

22d6c683122562463b531729525ac896a9afffd63dcd527ee3a9f484500b960f
SHA512

a2dfba874189da740c9ad260c15ee1655e6579248305f5254595918803d6187e5da3a3a51b0bad0d9336bca4c4c8443db6521ddf099946f28aa228b002fb3ec1

Score

9^/10

Malware Config

Signatures

Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Impair Defenses
T1562
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.

System Network Connections Discovery
T1049

Processes:

description ioc

/proc/net/tcp /proc/net/tcp
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery
T1016

Processes:

description ioc

/proc/net/tcp /proc/net/tcp

description	ioc
/proc/net/tcp	/proc/net/tcp

description	ioc
/proc/net/tcp	/proc/net/tcp

Reads runtime system information 26 IoCs

Reads data from /proc virtual filesystem.

Processes:

description	ioc
/proc/371/fd	/proc/371/fd
/proc/373/fd	/proc/373/fd
/proc/376/fd	/proc/376/fd
/proc/371/exe	/proc/371/exe
/proc/1/fd	/proc/1/fd
/proc/323/fd	/proc/323/fd
/proc/325/fd	/proc/325/fd
/proc/370/fd	/proc/370/fd
/proc/381/fd	/proc/381/fd
/proc/240/fd	/proc/240/fd
/proc/286/fd	/proc/286/fd
/proc/291/fd	/proc/291/fd
/proc/368/fd	/proc/368/fd
/proc/	/proc/
/proc/242/fd	/proc/242/fd
/proc/244/fd	/proc/244/fd
/proc/257/fd	/proc/257/fd
/proc/374/fd	/proc/374/fd
/proc/375/fd	/proc/375/fd
/proc/382/fd	/proc/382/fd
/proc/389{1,1T	/proc/389{1,1T
/proc/368/exe	/proc/368/exe
/proc/293/fd	/proc/293/fd
/proc/302/fd	/proc/302/fd
/proc/320/fd	/proc/320/fd
/proc/326/fd	/proc/326/fd

./Hilix.arm7
./Hilix.arm7
1⤵
PID:367

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

System Network Connections Discovery

T1049

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads