Analysis
-
max time kernel
49s -
max time network
61s -
platform
debian-9_armhf -
resource
debian9-armhf-20240418-en -
resource tags
-
submitted
16-02-2025 08:06
General
-
Target
Hilix.arm6
-
Size
132KB
-
MD5
84f29f82375e47da54896318cca0a25c
-
SHA1
98e5ea6bb2aee886e86645f228eb802939f12cae
-
SHA256
1d917f4bf859795115547d05608ab2db052ac26b439512411217ca3b8b12ff28
-
SHA512
af2a392fdc7c78e6f1b95f946dbabfaab194e264c90cd7e8706f258e60910d78a291f04cf49101754bd9517a4f0c5f58b158f61d977477f652af8d55c6fea319
-
SSDEEP
3072:qXIn1uz5pDpW0/RNZaNEM1ekk/jGBTIJdXlUaxV4DNn:SIn1u9pDLfM1ekkbGCXlUaxV4DNn
Malware Config
Signatures
-
Contacts a large (179051) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Changes its process name 1 IoCs
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information 33 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/Hilix.arm6/tmp/Hilix.arm61⤵
- Modifies Watchdog functionality
- Enumerates active TCP sockets
- Changes its process name
- Reads system network configuration
- Reads runtime system information