IOC Report
Mozi.m.elf


Files

File Path | Type | Category | Malicious
Mozi.m.elf | ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header | initial sample | malicious
/tmp/qemu-open.421wig (deleted) | ASCII text | dropped |
/tmp/qemu-open.bOi1wr (deleted) | data | dropped |

Processes

Path | Cmdline | Malicious
/tmp/Mozi.m.elf | /tmp/Mozi.m.elf |
/tmp/Mozi.m.elf | - |
/tmp/Mozi.m.elf | - |
/tmp/Mozi.m.elf | - |
/bin/sh | sh -c "iptables -A INPUT -p tcp --destination-port 23 -j DROP" |
/bin/sh | - |
/usr/sbin/iptables | iptables -A INPUT -p tcp --destination-port 23 -j DROP |
/tmp/Mozi.m.elf | - |
/bin/sh | sh -c "iptables -A INPUT -p tcp --destination-port 7547 -j DROP" |
/bin/sh | - |
/usr/sbin/iptables | iptables -A INPUT -p tcp --destination-port 7547 -j DROP |
/tmp/Mozi.m.elf | - |
/bin/sh | sh -c "iptables -A INPUT -p tcp --destination-port 5555 -j DROP" |
/bin/sh | - |
/usr/sbin/iptables | iptables -A INPUT -p tcp --destination-port 5555 -j DROP |
/tmp/Mozi.m.elf | - |
/bin/sh | sh -c "iptables -A INPUT -p tcp --destination-port 5358 -j DROP" |
/bin/sh | - |
/usr/sbin/iptables | iptables -A INPUT -p tcp --destination-port 5358 -j DROP |
/tmp/Mozi.m.elf | - |
/bin/sh | sh -c "iptables -D INPUT -j CWMP_CR" |
/bin/sh | - |
/usr/sbin/iptables | iptables -D INPUT -j CWMP_CR |
/tmp/Mozi.m.elf | - |
/bin/sh | sh -c "iptables -X CWMP_CR" |
/bin/sh | - |
/usr/sbin/iptables | iptables -X CWMP_CR |
/tmp/Mozi.m.elf | - |
/bin/sh | sh -c "iptables -I INPUT -p udp --dport 11002 -j ACCEPT" |
/bin/sh | - |
/usr/sbin/iptables | iptables -I INPUT -p udp --dport 11002 -j ACCEPT |

Domains

Name | IP | Malicious
daisy.ubuntu.com | 162.213.35.24 |
router.bittorrent.com | unknown |
router.utorrent.com | unknown |

Memdumps

Base Address | Regiontype | Protect | Malicious