
Sample: http://162.212.114.3:56594/Mozi.m

Status: finished
Submission Time: 2020-04-18 04:02:11 +02:00
Verdict: Malicious
Classification: Trojan

Details

  • Analysis ID: 223570
  • API (Web) ID: 343770
  • Analysis Started: 2020-04-18 04:04:53 +02:00
  • Analysis Finished: 2020-04-18 04:09:32 +02:00

Engine: Joe Sandbox
Detection: malicious
Score: 52
System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)

Third Party Analysis Engines

  • malicious (Score: 37/59)
  • malicious (Score: 16/40)
  • malicious (Score: 17/31)
  • malicious
  • malicious

IPs

IP              Country
34.246.136.171  United States
13.224.102.34   United States
52.88.148.130   United States
162.212.114.3   Canada
52.38.153.3     United States

Domains

Name                                                              IP
search.r53-2.services.mozilla.com                                 52.38.153.3
pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com  52.88.148.130
locprod1-elb-eu-west-1.prod.mozaws.net                            34.246.136.171
balrog-cloudfront.prod.mozaws.net                                 13.224.102.34

URLs


Dropped files

Name | File Type
/tmp/mozilla_user0/81bQXC48.zip.part | ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-trackwhite-simple.sbstore | data
/home/user/.mozilla/firefox/v9nzj3nw.default/cookies.sqlite-shm | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/startupCache/urlCache-new.bin | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/startupCache/startupCache.8.little | Zip archive data, at least v2.0 to extract
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/startupCache/scriptCache-new.bin | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/startupCache/scriptCache-child-new.bin | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-unwanted-simple.sbstore | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-unwanted-simple.pset | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-unwanted-simple-1.sbstore | data
/home/user/.mozilla/firefox/v9nzj3nw.default/cookies.sqlite-wal | SQLite Write-Ahead Log, version 3007000
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-trackwhite-simple.pset | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-trackwhite-simple-1.sbstore | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-track-simple.sbstore | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-track-simple.pset | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-track-simple-1.sbstore | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-phish-simple.sbstore | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-phish-simple.pset | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-phish-simple-1.sbstore | data
/home/user/.mozilla/firefox/v9nzj3nw.default/crashes/store.json.mozlz4.tmp | data
/home/user/.mozilla/firefox/v9nzj3nw.default/datareporting/aborted-session-ping.tmp | ASCII text, with very long lines, with no line terminators
/home/user/.mozilla/firefox/v9nzj3nw.default/datareporting/session-state.json.tmp | ASCII text, with no line terminators
/home/user/.mozilla/firefox/v9nzj3nw.default/favicons.sqlite-shm | data
/home/user/.mozilla/firefox/v9nzj3nw.default/gmp-gmpopenh264/1.7.1/gmpopenh264.info.tmp | ASCII text
/home/user/.mozilla/firefox/v9nzj3nw.default/gmp-gmpopenh264/1.7.1/libgmpopenh264.so.tmp | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a6f7711a0f3110c0daf8b925630d2ba49053bb97, not stripped
/home/user/.mozilla/firefox/v9nzj3nw.default/places.sqlite-shm | data
/home/user/.mozilla/firefox/v9nzj3nw.default/prefs-1.js | ASCII text, with very long lines
/home/user/.mozilla/firefox/v9nzj3nw.default/search.json.mozlz4.tmp | data
/home/user/.mozilla/firefox/v9nzj3nw.default/sessionCheckpoints.json.tmp | ASCII text, with no line terminators
/home/user/.mozilla/firefox/v9nzj3nw.default/storage/permanent/chrome/idb/2918063365piupsah.sqlite-shm | data
/home/user/.mozilla/firefox/v9nzj3nw.default/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-shm | data
/home/user/.mozilla/firefox/v9nzj3nw.default/webappsstore.sqlite-shm | data
/home/user/.mozilla/firefox/v9nzj3nw.default/xulstore.json.tmp | ASCII text, with no line terminators
/tmp/tmpaddon | Zip archive data, at least v2.0 to extract
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/base-track-digest256.pset | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/except-flashallow-digest256.pset | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/except-flash-digest256.sbstore | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/except-flash-digest256.pset | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/block-flashsubdoc-digest256.sbstore | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/block-flashsubdoc-digest256.pset | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/block-flash-digest256.sbstore | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/block-flash-digest256.pset | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/base-track-digest256.sbstore | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/except-flashallow-digest256.sbstore | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/allow-flashallow-digest256.sbstore | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/allow-flashallow-digest256.pset | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/cache2/entries/E293DE1609300BB1B8A8CA45B3A45EB3CB38903B | Zip archive data, at least v2.0 to extract
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/cache2/entries/7D0DF88A5F52C22C222EA72EA1AC18B62CF57B56 | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/cache2/entries/60E598D79A7B4707F80367139471DF3F05B3BDE5 | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/cache2/entries/088901101E9BC905DFA4D442129CEF08E42FB911 | ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/activity-stream.tippytop.json.tmp | ASCII text, with very long lines, with no line terminators
/home/user/.cache/dconf/user | very short file (no magic)
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/except-flashsubdoc-digest256.pset | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/except-flashsubdoc-digest256.sbstore | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/mozplugin-block-digest256.pset | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/mozplugin-block-digest256.sbstore | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/mozstd-trackwhite-digest256.pset | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/mozstd-trackwhite-digest256.sbstore | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-block-simple-1.sbstore | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-block-simple.pset | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-block-simple.sbstore | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-harmful-simple-1.sbstore | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-harmful-simple.pset | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-harmful-simple.sbstore | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-malware-simple-1.sbstore | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-malware-simple.pset | data
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-malware-simple.sbstore | data