Analysis
-
max time kernel
73s -
platform
debian-9_armhf -
resource
debian9-armhf-20240418-en -
resource tags
arch:armhf image:debian9-armhf-20240418-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system -
submitted
20/11/2024, 14:58
Static task
static1
Behavioral task
behavioral1
Sample
createuser.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
createuser.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
createuser.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
createuser.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
createuser.sh
-
Size
431B
-
MD5
f952d2c4d4d093fbcc4c3f1dfe44a81c
-
SHA1
559a07342c0f2da1e5f17727061277c97e68e7df
-
SHA256
f8d97e0e08d339315d840f10cab3d70558b944ec203c3ed8595fed69aa36e345
-
SHA512
fd3d2979037f0c9f9b4b15808040d555b0ffd3c258a29f0febcb11fd7220e8324e9eefb51b79fad4abd33ba37d47f159b15d33ae12940697859f62b2ee4af089
Malware Config
Signatures
-
Writes file to tmp directory 64 IoCs
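Malware often drops required files in the /tmp directory. On its own this is a low-confidence indicator, because legitimate provisioning and installer scripts also write there. All 64 entries below are numbered .xml files under /tmp/conf/directory/default/, a layout that resembles generated per-user configuration (for example a FreeSWITCH user directory) more than dropped payloads, so review the 431-byte script and the contents of the written files before drawing a verdict.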
description ioc Process
File opened for modification /tmp/conf/directory/default/2215.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2471.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2552.xml createuser.sh
File opened for modification /tmp/conf/directory/default/24440.xml createuser.sh
File opened for modification /tmp/conf/directory/default/27790.xml createuser.sh
File opened for modification /tmp/conf/directory/default/9855.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2580.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2998.xml createuser.sh
File opened for modification /tmp/conf/directory/default/25480.xml createuser.sh
File opened for modification /tmp/conf/directory/default/9230.xml createuser.sh
File opened for modification /tmp/conf/directory/default/9349.xml createuser.sh
File opened for modification /tmp/conf/directory/default/9922.xml createuser.sh
File opened for modification /tmp/conf/directory/default/9189.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2065.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2280.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2709.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2930.xml createuser.sh
File opened for modification /tmp/conf/directory/default/25680.xml createuser.sh
File opened for modification /tmp/conf/directory/default/28400.xml createuser.sh
File opened for modification /tmp/conf/directory/default/9141.xml createuser.sh
File opened for modification /tmp/conf/directory/default/9213.xml createuser.sh
File opened for modification /tmp/conf/directory/default/9312.xml createuser.sh
File opened for modification /tmp/conf/directory/default/9549.xml createuser.sh
File opened for modification /tmp/conf/directory/default/9565.xml createuser.sh
File opened for modification /tmp/conf/directory/default/9840.xml createuser.sh
File opened for modification /tmp/conf/directory/default/9881.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2056.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2916.xml createuser.sh
File opened for modification /tmp/conf/directory/default/21170.xml createuser.sh
File opened for modification /tmp/conf/directory/default/9504.xml createuser.sh
File opened for modification /tmp/conf/directory/default/9674.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2626.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2767.xml createuser.sh
File opened for modification /tmp/conf/directory/default/21860.xml createuser.sh
File opened for modification /tmp/conf/directory/default/22370.xml createuser.sh
File opened for modification /tmp/conf/directory/default/23070.xml createuser.sh
File opened for modification /tmp/conf/directory/default/25320.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2352.xml createuser.sh
File opened for modification /tmp/conf/directory/default/22090.xml createuser.sh
File opened for modification /tmp/conf/directory/default/22160.xml createuser.sh
File opened for modification /tmp/conf/directory/default/23860.xml createuser.sh
File opened for modification /tmp/conf/directory/default/24010.xml createuser.sh
File opened for modification /tmp/conf/directory/default/24280.xml createuser.sh
File opened for modification /tmp/conf/directory/default/24530.xml createuser.sh
File opened for modification /tmp/conf/directory/default/9169.xml createuser.sh
File opened for modification /tmp/conf/directory/default/9266.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2202.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2562.xml createuser.sh
File opened for modification /tmp/conf/directory/default/24980.xml createuser.sh
File opened for modification /tmp/conf/directory/default/29130.xml createuser.sh
File opened for modification /tmp/conf/directory/default/9520.xml createuser.sh
File opened for modification /tmp/conf/directory/default/9607.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2479.xml createuser.sh
File opened for modification /tmp/conf/directory/default/20080.xml createuser.sh
File opened for modification /tmp/conf/directory/default/21630.xml createuser.sh
File opened for modification /tmp/conf/directory/default/26290.xml createuser.sh
File opened for modification /tmp/conf/directory/default/28920.xml createuser.sh
File opened for modification /tmp/conf/directory/default/9428.xml createuser.sh
File opened for modification /tmp/conf/directory/default/9593.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2875.xml createuser.sh
File opened for modification /tmp/conf/directory/default/20320.xml createuser.sh
File opened for modification /tmp/conf/directory/default/27060.xml createuser.sh
File opened for modification /tmp/conf/directory/default/9944.xml createuser.sh
File opened for modification /tmp/conf/directory/default/22830.xml createuser.sh