General

  • Target

    Hilix.arm7.elf

  • Size

    132KB

  • Sample

    250102-kpv6eawraj

  • MD5

    ea641f5c601d8b8e471976e91ab5c691

  • SHA1

    a2a27d0ecb0c5f6c84a4e8988e8c6798c3d22c41

  • SHA256

    37e373ed01d53db33f4cb20043f1b35445d882d95c05ea8bf533a3a889a88942

  • SHA512

    bbf2c496b46c0d7236573770b6b9d04307242372a58aa5e05fd142b6ba24fc4877cdea0beda4d8e8b6c1e33e45c56343c9d4235d5ef38fbd41851f5e09ba28d2

  • SSDEEP

    3072:SvX8lu0ppD6+iMRNZJJEDtekESV0Oy+vnxX1O3M/9D+DNn:iX8luepDdeDtekEfOhX1SM/9D+DNn

Malware Config

Extracted

Family

mirai

Botnet

SORA

Targets

    • Target

      Hilix.arm7.elf

    • Contacts a large number (619607) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

MITRE ATT&CK Enterprise v15