bin.sh
First submission 2023-06-24 18:49:05
Last sumbission 2024-04-24 00:26:22
File details
| File type: | ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header |
| Mime type: | application/x-executable |
| File size: | 300.74 KB (307960 bytes) |
| MD5: | 106a736477f5e6efc07bdea0249986f9 |
| SHA1: | b8cb63180aad940b1356e310e9bcbfee30a028b5 |
| SHA256: | e629334def73be9e166ecdd9d5d73d6be97ef7f7d16f05383892332acb324b73 |
| Virus Total: | 44/61 VT report date: 2023-06-13 12:32:58 |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://117.199.74.54:45865/bin.sh  |
117.199.74.54 |
2024-04-24 00:26:24 |
Strings analysis - File found
| XML |
| M7c.xml |
Strings analysis - Possible IPs found 12
| 130.239.18.159 |
| 82.221.103.244 |
| 192.168.3.1 |
| 87.98.162.88 |
| 239.255.255.250 |
| 255.255.255.255 |
| 212.129.33.59 |
| 114.114.114.114 |
| 192.168.1.1 |
| 8.8.8.8 |
| 127.0.0.1 |
| 192.168.0.100 |
Strings analysis - Possible URLs found 26
| http://%s:%d/i |
| http://baidu.com/%s/%s/%d/%s/%s/%s/%s) |
| http://ipinfo.io/ip |
| http://www.w3.org/2001/XMLSchema-instance |
| http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcron |
| http://purenetworks.com/HNAP1/ |
| http://%s:%d/Mozi.m+-O+- |
| http://%s:%d/Mozi.m;$ |
| http:// |
| http://schemas.xmlsoap.org/soap/envelope/ |
| http://%s:%d/bin.sh |
| http://%s:%d/bin.sh;chmod |
| http://%s:%d/Mozi.m |
| http://127.0.0.1 |
| http://%s:%d/i;chmod |
| http://schemas.xmlsoap.org/soap/envelope// |
| http://%s:%d/Mozi.m; |
| http://%s:%d/Mozi.m;/tmp/Mozi.m |
| http://schemas.xmlsoap.org/soap/encoding/ |
| http://%s:%d |
| http://%s:%d/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 |
| http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws |
| http://%s:%d/Mozi.a;sh$ |
| https:// |
| http://www.w3.org/2001/XMLSchema |
| http://upx.sf.net |