General

  • Target

    Hilix.arm6

  • Size

    132KB

  • Sample

    250216-jzkxrazjgm

  • MD5

    84f29f82375e47da54896318cca0a25c

  • SHA1

    98e5ea6bb2aee886e86645f228eb802939f12cae

  • SHA256

    1d917f4bf859795115547d05608ab2db052ac26b439512411217ca3b8b12ff28

  • SHA512

    af2a392fdc7c78e6f1b95f946dbabfaab194e264c90cd7e8706f258e60910d78a291f04cf49101754bd9517a4f0c5f58b158f61d977477f652af8d55c6fea319

  • SSDEEP

    3072:qXIn1uz5pDpW0/RNZaNEM1ekk/jGBTIJdXlUaxV4DNn:SIn1u9pDLfM1ekkbGCXlUaxV4DNn

Malware Config

Extracted

Family

mirai

Botnet

SORA

Targets

    • Target

      Hilix.arm6

    • Contacts a large number (179051) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

MITRE ATT&CK Enterprise v15

Tasks