Overview

overview

10

Static

static

10

Hilix.x86.elf

ubuntu-18.04-amd64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Hilix.x86.elf

  • Size

    83KB

  • Sample

    250216-h4g6zsyjbq

  • MD5

    a369b46bb62da64612f4322a883db47d

  • SHA1

    447554958fec2a40125b2d43557ed6d3df779c5a

  • SHA256

    280fbbbc0c0d44dab20b340f544f9fea1957baac91cd2a9c053e6843d55bebe7

  • SHA512

    f91d5c334ac47ac69e5199267a0f5abdb39f92447638df72de4f1071e52a8dd005804463c0acf2ac4896beb3d297fd7a0ded761094a3579b97062adec9560ec3

  • SSDEEP

    1536:mymAfVSYsmqHgGYBY2WB1zEkMIhMimZuhArqIGrrcT2YybrddiEz9:mymAfkJReSLzRTmjr9GZTvn9

Score
10/10
miraisoradefense_evasiondiscoverylinux

Malware Config

Extracted

Family

mirai

Botnet

SORA

Targets

    • Target

      Hilix.x86.elf

    • Size

      83KB

    • MD5

      a369b46bb62da64612f4322a883db47d

    • SHA1

      447554958fec2a40125b2d43557ed6d3df779c5a

    • SHA256

      280fbbbc0c0d44dab20b340f544f9fea1957baac91cd2a9c053e6843d55bebe7

    • SHA512

      f91d5c334ac47ac69e5199267a0f5abdb39f92447638df72de4f1071e52a8dd005804463c0acf2ac4896beb3d297fd7a0ded761094a3579b97062adec9560ec3

    • SSDEEP

      1536:mymAfVSYsmqHgGYBY2WB1zEkMIhMimZuhArqIGrrcT2YybrddiEz9:mymAfkJReSLzRTmjr9GZTvn9

    Score
    9/10
    defense_evasiondiscovery

    • Contacts a large (227938) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

      defense_evasion

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

      discovery

    • Enumerates running processes

      Discovers information about currently running processes on the system

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks