bin.sh
First submission 2022-10-19 22:29:06
File details
| File type: | ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header |
| File type: | 300.74 KB (307960 bytes) |
| MD5: | 106a736477f5e6efc07bdea0249986f9 |
| SHA1: | b8cb63180aad940b1356e310e9bcbfee30a028b5 |
| SHA256: | e629334def73be9e166ecdd9d5d73d6be97ef7f7d16f05383892332acb324b73 |
| Virus Total: | 44/63 VT report date: 2022-09-30 16:21:33 |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
URLs, FQDN and IP indicators 81
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://59.97.169.22:44690/bin.sh  |
59.97.169.22 |
2023-02-04 00:02:07 |
| hXXp://117.196.28.200:58505/Mozi.m |
117.196.28.200 |
2023-02-03 17:13:07 |
| hXXp://117.216.26.218:59869/i |
117.216.26.218 |
2023-01-31 18:09:08 |
| hXXp://117.216.26.218:59869/bin.sh |
117.216.26.218 |
2023-01-31 17:39:08 |
| hXXp://117.253.151.236:47029/i |
117.253.151.236 |
2023-01-29 13:15:06 |
| hXXp://117.253.151.236:47029/bin.sh |
117.253.151.236 |
2023-01-29 02:05:06 |
| hXXp://117.252.175.29:36359/i |
117.252.175.29 |
2023-01-27 23:06:05 |
| hXXp://117.198.175.107:51357/i |
117.198.175.107 |
2023-01-27 18:58:07 |
| hXXp://117.193.113.2:57465/Mozi.m |
117.193.113.2 |
2023-01-27 09:42:06 |
| hXXp://117.201.207.78:60701/Mozi.m |
117.201.207.78 |
2023-01-27 06:26:06 |
| hXXp://117.194.166.199:34435/Mozi.m |
117.194.166.199 |
2023-01-26 18:19:07 |
| hXXp://117.252.172.245:41199/Mozi.m |
117.252.172.245 |
2023-01-25 20:16:08 |
| hXXp://59.92.167.110:52069/Mozi.m |
59.92.167.110 |
2023-01-25 03:52:11 |
| hXXp://117.199.12.213:36304/Mozi.m |
117.199.12.213 |
2023-01-24 15:52:10 |
| hXXp://117.198.246.176:47776/i |
117.198.246.176 |
2023-01-20 14:34:06 |
| hXXp://59.94.200.81:60662/Mozi.m |
59.94.200.81 |
2023-01-18 16:20:06 |
| hXXp://59.93.29.210:36359/Mozi.m |
59.93.29.210 |
2023-01-17 10:41:06 |
| hXXp://117.198.161.39:60701/Mozi.m |
117.198.161.39 |
2023-01-12 18:00:08 |
| hXXp://117.194.146.202:59070/Mozi.m |
117.194.146.202 |
2023-01-12 12:45:08 |
| hXXp://117.196.18.66:43670/i |
117.196.18.66 |
2023-01-11 23:06:06 |
| hXXp://117.196.18.66:43670/bin.sh |
117.196.18.66 |
2023-01-11 22:39:06 |
| hXXp://117.198.160.138:53598/Mozi.m |
117.198.160.138 |
2023-01-10 21:27:07 |
| hXXp://117.195.82.97:51043/bin.sh |
117.195.82.97 |
2023-01-09 19:50:06 |
| hXXp://117.216.4.108:56084/i |
117.216.4.108 |
2023-01-09 12:31:07 |
| hXXp://117.195.104.22:35743/i |
117.195.104.22 |
2023-01-09 09:37:07 |
| hXXp://59.96.28.145:48304/i |
59.96.28.145 |
2023-01-08 20:43:04 |
| hXXp://117.248.62.16:42192/Mozi.m |
117.248.62.16 |
2023-01-08 19:30:06 |
| hXXp://59.96.28.145:48304/bin.sh |
59.96.28.145 |
2023-01-08 17:02:06 |
| hXXp://117.212.175.164:37594/Mozi.m |
117.212.175.164 |
2023-01-08 14:58:06 |
| hXXp://117.252.208.176:56706/Mozi.m |
117.252.208.176 |
2023-01-07 12:38:07 |
| hXXp://117.215.218.199:32813/Mozi.m |
117.215.218.199 |
2023-01-05 23:28:10 |
| hXXp://117.198.161.255:60701/Mozi.m |
117.198.161.255 |
2023-01-04 20:45:07 |
| hXXp://59.96.25.42:51665/Mozi.a |
59.96.25.42 |
2023-01-04 12:01:06 |
| hXXp://117.216.21.63:60738/bin.sh |
117.216.21.63 |
2022-12-29 02:49:05 |
| hXXp://117.193.114.17:39926/Mozi.m |
117.193.114.17 |
2022-12-28 11:28:06 |
| hXXp://117.194.168.44:57078/Mozi.m |
117.194.168.44 |
2022-12-27 23:42:07 |
| hXXp://117.193.117.205:34903/bin.sh |
117.193.117.205 |
2022-12-27 06:06:05 |
| hXXp://117.198.167.229:47702/Mozi.m |
117.198.167.229 |
2022-12-26 22:40:06 |
| hXXp://117.194.164.90:57053/Mozi.m |
117.194.164.90 |
2022-12-26 21:30:06 |
| hXXp://42.235.40.224:48288/Mozi.m |
42.235.40.224 |
2022-12-26 13:15:05 |
| hXXp://117.208.239.163:42439/i |
117.208.239.163 |
2022-12-26 12:59:05 |
| hXXp://117.208.239.163:42439/bin.sh |
117.208.239.163 |
2022-12-26 12:32:07 |
| hXXp://117.214.219.129:60924/Mozi.a |
117.214.219.129 |
2022-12-23 17:17:06 |
| hXXp://117.194.162.194:45415/bin.sh |
117.194.162.194 |
2022-12-23 16:30:09 |
| hXXp://117.213.5.95:34184/Mozi.m |
117.213.5.95 |
2022-12-23 02:22:47 |
| hXXp://117.243.169.160:41871/bin.sh |
117.243.169.160 |
2022-12-22 16:36:07 |
| hXXp://117.212.167.29:60315/Mozi.m |
117.212.167.29 |
2022-12-22 07:41:05 |
| hXXp://117.215.222.171:59649/bin.sh |
117.215.222.171 |
2022-12-22 03:13:06 |
| hXXp://117.243.174.122:47593/Mozi.m |
117.243.174.122 |
2022-12-22 01:40:07 |
| hXXp://59.99.135.148:51614/Mozi.a |
59.99.135.148 |
2022-12-21 19:37:07 |
| hXXp://117.213.5.156:37564/Mozi.m |
117.213.5.156 |
2022-12-21 09:48:07 |
| hXXp://117.216.19.0:50491/i |
117.216.19.0 |
2022-12-20 12:43:06 |
| hXXp://117.216.19.0:50491/bin.sh |
117.216.19.0 |
2022-12-20 12:25:07 |
| hXXp://117.213.44.191:52478/Mozi.m |
117.213.44.191 |
2022-12-19 10:26:07 |
| hXXp://123.8.79.209:46150/Mozi.m |
123.8.79.209 |
2022-12-19 03:13:06 |
| hXXp://27.5.20.34:44001/Mozi.m |
27.5.20.34 |
2022-12-17 14:01:05 |
| hXXp://117.195.93.63:33730/i |
117.195.93.63 |
2022-12-10 01:33:07 |
| hXXp://117.255.27.160:45658/Mozi.m |
117.255.27.160 |
2022-12-09 15:44:16 |
| hXXp://59.93.27.83:38233/i |
59.93.27.83 |
2022-12-09 08:01:06 |
| hXXp://59.93.27.83:38233/bin.sh |
59.93.27.83 |
2022-12-09 06:50:07 |
| hXXp://117.195.93.63:33730/bin.sh |
117.195.93.63 |
2022-12-09 03:37:05 |
| hXXp://59.93.27.83:38233/Mozi.m |
59.93.27.83 |
2022-12-08 13:49:06 |
| hXXp://59.93.25.237:47546/Mozi.m |
59.93.25.237 |
2022-12-08 05:09:17 |
| hXXp://117.213.46.126:52587/i |
117.213.46.126 |
2022-11-30 17:22:07 |
| hXXp://117.204.70.112:56760/bin.sh |
117.204.70.112 |
2022-11-30 07:34:07 |
| hXXp://125.44.47.137:47522/Mozi.m |
125.44.47.137 |
2022-11-27 07:49:09 |
| hXXp://117.195.91.103:56928/i |
117.195.91.103 |
2022-11-26 05:03:05 |
| hXXp://117.195.91.103:56928/bin.sh |
117.195.91.103 |
2022-11-26 04:46:05 |
| hXXp://117.212.175.224:58871/Mozi.m |
117.212.175.224 |
2022-11-25 15:08:06 |
| hXXp://117.216.26.253:48005/Mozi.m |
117.216.26.253 |
2022-11-21 22:44:04 |
| hXXp://117.216.7.121:49852/Mozi.m |
117.216.7.121 |
2022-11-21 14:54:07 |
| hXXp://61.3.181.176:42341/Mozi.m |
61.3.181.176 |
2022-11-20 05:59:25 |
| hXXp://59.92.70.133:33866/Mozi.m |
59.92.70.133 |
2022-11-13 12:58:45 |
| hXXp://59.92.160.201:51579/Mozi.m |
59.92.160.201 |
2022-11-09 14:19:36 |
| hXXp://117.216.28.165:35864/Mozi.m |
117.216.28.165 |
2022-11-09 07:02:36 |
| hXXp://117.216.0.73:41459/Mozi.m |
117.216.0.73 |
2022-11-05 09:58:37 |
| hXXp://117.212.171.169:59892/Mozi.m |
117.212.171.169 |
2022-11-04 15:11:38 |
| hXXp://59.99.206.158:41512/Mozi.m |
59.99.206.158 |
2022-11-03 00:28:41 |
| hXXp://117.194.144.198:45060/i |
117.194.144.198 |
2022-10-21 00:40:10 |
| hXXp://117.208.239.183:36665/Mozi.m |
117.208.239.183 |
2022-10-20 06:44:07 |
| hXXp://117.215.208.112:60766/Mozi.m |
117.215.208.112 |
2022-10-19 22:29:06 |
Strings analysis - File found
| XML |
| M7c.xml |
Strings analysis - Possible IPs found 12
| 192.168.0.100 |
| 127.0.0.1 |
| 8.8.8.8 |
| 192.168.1.1 |
| 114.114.114.114 |
| 212.129.33.59 |
| 255.255.255.255 |
| 239.255.255.250 |
| 87.98.162.88 |
| 192.168.3.1 |
| 82.221.103.244 |
| 130.239.18.159 |
Strings analysis - Possible URLs found 26
| http://upx.sf.net |
| http://www.w3.org/2001/XMLSchema |
| https:// |
| http://%s:%d/Mozi.a;sh$ |
| http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws |
| http://%s:%d/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 |
| http://%s:%d |
| http://schemas.xmlsoap.org/soap/encoding/ |
| http://%s:%d/Mozi.m;/tmp/Mozi.m |
| http://%s:%d/Mozi.m; |
| http://schemas.xmlsoap.org/soap/envelope// |
| http://%s:%d/i;chmod |
| http://127.0.0.1 |
| http://%s:%d/Mozi.m |
| http://%s:%d/bin.sh;chmod |
| http://%s:%d/bin.sh |
| http://schemas.xmlsoap.org/soap/envelope/ |
| http:// |
| http://%s:%d/Mozi.m;$ |
| http://%s:%d/Mozi.m+-O+- |
| http://purenetworks.com/HNAP1/ |
| http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcron |
| http://www.w3.org/2001/XMLSchema-instance |
| http://ipinfo.io/ip |
| http://baidu.com/%s/%s/%d/%s/%s/%s/%s) |
| http://%s:%d/i |