Analysis
-
max time kernel
22s -
max time network
131s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
20/11/2024, 14:58
Static task
static1
Behavioral task
behavioral1
Sample
createuser.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
createuser.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
createuser.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
createuser.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
createuser.sh
-
Size
431B
-
MD5
f952d2c4d4d093fbcc4c3f1dfe44a81c
-
SHA1
559a07342c0f2da1e5f17727061277c97e68e7df
-
SHA256
f8d97e0e08d339315d840f10cab3d70558b944ec203c3ed8595fed69aa36e345
-
SHA512
fd3d2979037f0c9f9b4b15808040d555b0ffd3c258a29f0febcb11fd7220e8324e9eefb51b79fad4abd33ba37d47f159b15d33ae12940697859f62b2ee4af089
Malware Config
Signatures
-
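Writes file to tmp directory (64 IoCs)
Malware often drops required files in the /tmp directory. On its own this is a generic, low-confidence signature, because legitimate scripts also write to /tmp; weigh it against the file names and any other signatures before drawing a conclusion. All 64 entries below are .xml files under /tmp/conf/directory/default/ opened for modification by createuser.sh.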
| description | ioc | Process |
| --- | --- | --- |
| File opened for modification | /tmp/conf/directory/default/24290.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2365.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2410.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2906.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2993.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/22900.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2301.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/29400.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/9498.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/9920.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2901.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/20120.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/28820.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/29870.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/9004.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2667.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2900.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/24780.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/25100.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/26850.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/9456.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2747.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2779.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2881.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/22640.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/9148.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/26410.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/9534.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/9540.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2127.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2386.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2649.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2938.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/24460.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/9951.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/9175.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2183.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2295.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2718.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/29080.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/9076.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/9856.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2299.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2337.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2570.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/26660.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/26780.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/9530.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2129.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2681.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/20260.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/21570.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/27610.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/22090.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/9779.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/9868.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2753.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/21930.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/26030.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/9241.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/9431.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2092.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/23790.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/28060.xml | createuser.sh |