i

First submission 2023-06-24 20:11:03 Last submission 2023-09-29 12:44:03

File details

File type: ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header
Mime type: application/x-executable
File size: 300.74 KB (307960 bytes)
MD5: e30a81d66f18f07647397d1defbad11b
SHA1: a7fd1a1d71f7f7b00886741db52c42af0c8873f1
SHA256: b7ba5aa2f8f7781d408e87b2131fa2cc9b95cdf3460f9778229398c9e851772a
Virus Total: 44/61 VT report date: 2023-06-20 17:01:35

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 8


Strings analysis - File found

XML
Fcs7c.xml

Strings analysis - Possible IPs found 12


Strings analysis - Possible URLs found 27
