Mozi.a
First submission 2023-06-22 19:52:04
Last sumbission 2023-09-28 10:53:04
File details
| File type: | ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped |
| Mime type: | application/x-executable |
| File size: | 300.74 KB (307960 bytes) |
| MD5: | eec5c6c219535fba3a0492ea8118b397 |
| SHA1: | 292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21 |
| SHA256: | 12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef |
| Virus Total: | 49/61 VT report date: 2023-06-15 20:32:36 |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://58.253.92.82:46761/Mozi.a  |
58.253.92.82 |
2023-09-28 10:53:05 |
Strings analysis - Possible IPs found 12
| 130.239.18.159 |
| 82.221.103.244 |
| 192.168.3.1 |
| 87.98.162.88 |
| 212.129.33.59 |
| 255.255.255.255 |
| 114.114.114.114 |
| 192.168.1.1 |
| 239.255.255.250 |
| 8.8.8.8 |
| 127.0.0.1 |
| 192.168.0.100 |
Strings analysis - Possible URLs found 25
| http://%s:%d/Mozi.m;/tmp/Mozi.m |
| http://baidu.com/%s/%s/%d/%s/%s/%s/%s) |
| http://ipinfo.io/ip |
| http://www.w3.org/2001/XMLSchema-instance |
| http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcron |
| http://purenetworks.com/HNAP1/ |
| http://%s:%d/Mozi.m+-O+- |
| http://%s:%d/Mozi.m;$ |
| http:// |
| http://schemas.xmlsoap.org/soap/envelope/ |
| http://%s:%d/bin.sh |
| http://%s:%d/bin.sh;chmod |
| http://%s:%d/Mozi.m |
| http://127.0.0.1 |
| http://%s:%d/i;chmod |
| http://schemas.xmlsoap.org/soap/envelope// |
| http://%s:%d/Mozi.m; |
| http://%s:%d/i |
| http://schemas.xmlsoap.org/soap/encoding/ |
| http://%s:%d |
| http://%s:%d/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 |
| http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws |
| http://%s:%d/Mozi.a;sh$ |
| https:// |
| http://www.w3.org/2001/XMLSchema |