bin.sh

First submission: 2024-10-09 16:11:13
Last submission: 2024-10-17 11:07:06

File details

File type: ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header
Mime type: application/x-executable
File size: 300.74 KB (307960 bytes)
MD5: 416d6c3ee8292a910195b7d014dd5aea
SHA1: 1af884e0ad535275ed9ac00293b041697f39eb59
SHA256: ad78c927972cf3099df46bbda368c8af61e29355b186830131238e6eff8355e9

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 40/78
VT report date: 2024-06-14 00:25:02
Malware Type (1): trojan
Threat Type (3): mirai mozi cryp

URLs, FQDN and IP indicators 5

URL                                   Host (FQDN/IP)    Date Added
hXXp://117.255.181.43:48274/bin.sh    117.255.181.43    2024-10-17 11:07:11
hXXp://59.89.238.141:58975/bin.sh     59.89.238.141     2024-10-16 12:07:10
hXXp://59.178.73.212:56994/bin.sh     59.178.73.212     2024-10-14 09:33:22
hXXp://61.1.237.186:58975/i           61.1.237.186      2024-10-13 06:00:08
hXXp://117.235.52.79:56994/i          117.235.52.79     2024-10-12 08:39:12

Strings analysis - File found

XML
M7c.xml

Strings analysis - Possible IPs found 6


Strings analysis - Possible URLs found 22
