i

First submission: 2022-10-19 22:29:06
Last submission: 2024-07-13 13:23:21

File details

File type: ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header
File size: 300.74 KB (307960 bytes)
MD5: 106a736477f5e6efc07bdea0249986f9
SHA1: b8cb63180aad940b1356e310e9bcbfee30a028b5
SHA256: e629334def73be9e166ecdd9d5d73d6be97ef7f7d16f05383892332acb324b73

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

URLs, FQDN and IP indicators 6

URL                                   Host (FQDN/IP)    Date Added
hXXp://59.88.5.195:56233/i            59.88.5.195       2024-07-13 13:23:22
hXXp://59.88.5.195:56233/bin.sh       59.88.5.195       2024-07-13 12:46:07
hXXp://117.253.109.29:55455/i         117.253.109.29    2024-07-12 20:46:06
hXXp://117.253.109.29:55455/bin.sh    117.253.109.29    2024-07-12 20:05:06
hXXp://59.97.126.247:60032/bin.sh     59.97.126.247     2024-07-11 06:41:06
hXXp://59.182.81.237:35698/bin.sh     59.182.81.237     2024-07-10 07:07:08

Strings analysis - File found

XML
M7c.xml

Strings analysis - Possible IPs found 12


Strings analysis - Possible URLs found 26

http://upx.sf.net
http://www.w3.org/2001/XMLSchema
https://
http://%s:%d/Mozi.a;sh$
http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://%s:%d/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1
http://%s:%d
http://schemas.xmlsoap.org/soap/encoding/
http://%s:%d/Mozi.m;/tmp/Mozi.m
http://%s:%d/Mozi.m;
http://schemas.xmlsoap.org/soap/envelope//
http://%s:%d/i;chmod
http://127.0.0.1
http://%s:%d/Mozi.m
http://%s:%d/bin.sh;chmod
http://%s:%d/bin.sh
http://schemas.xmlsoap.org/soap/envelope/
http://
http://%s:%d/Mozi.m;$
http://%s:%d/Mozi.m+-O+-
http://purenetworks.com/HNAP1/
http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcron
http://www.w3.org/2001/XMLSchema-instance
http://ipinfo.io/ip
http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
http://%s:%d/i