General

  • Target

    Hilix.arm7.elf

  • Size

    132KB

  • Sample

    250217-rfkrmszlay

  • MD5

    e3ac69a36f2e4af1feeacde52bcfb8c0

  • SHA1

    e26c24c901bff1b1bffa06a4e71059decf92b889

  • SHA256

    6ce386b022ec59ff7af039daa2cb5b69bec02fa17d0c0aaa0d6b06d4021d152e

  • SHA512

    cc71df282662722c384633ba06b9404f6bf8d451b57cd438599d9fadc193ffd436ea413f310c81950249ff78cbacc4a6e06d39bacc555060175c99cfac0c41fc

  • SSDEEP

    3072:qXIn1uz5pDpW0/RNZaNEM1ekk/jGBTIJdX1O3M/94DNn:SIn1u9pDLfM1ekkbGCX1SM/94DNn

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    SORA

Targets

    • Contacts a large number (591566) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Reads active TCP sockets from the /proc virtual filesystem.

MITRE ATT&CK Enterprise v15
