Analysis
-
max time kernel
150s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
20/11/2024, 14:58
Static task
static1
Behavioral task
behavioral1
Sample
createuser.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
createuser.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
createuser.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
createuser.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
createuser.sh
-
Size
431B
-
MD5
f952d2c4d4d093fbcc4c3f1dfe44a81c
-
SHA1
559a07342c0f2da1e5f17727061277c97e68e7df
-
SHA256
f8d97e0e08d339315d840f10cab3d70558b944ec203c3ed8595fed69aa36e345
-
SHA512
fd3d2979037f0c9f9b4b15808040d555b0ffd3c258a29f0febcb11fd7220e8324e9eefb51b79fad4abd33ba37d47f159b15d33ae12940697859f62b2ee4af089
Malware Config
Signatures
-
Writes file to tmp directory 64 IoCs
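Malware often drops required files in the /tmp directory. Benign scripts also write to /tmp routinely, so this signature is a weak indicator on its own. Every path logged below is a numbered .xml file under /tmp/conf/directory/default/, which looks more like generated configuration than a dropped payload (the layout resembles a FreeSWITCH user directory; this report does not confirm that). Read the 431-byte script itself before treating the hashes above as malicious indicators.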
description ioc Process
File opened for modification /tmp/conf/directory/default/2525.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2557.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2213.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2253.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2365.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2384.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2430.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2473.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2443.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2490.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2004.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2058.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2115.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2157.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2316.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2341.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2345.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2506.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2551.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2568.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2689.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2529.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2021.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2055.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2075.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2111.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2118.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2196.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2243.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2423.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2687.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2156.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2361.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2492.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2693.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2040.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2074.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2102.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2106.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2187.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2274.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2352.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2406.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2500.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2616.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2716.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2730.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2024.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2214.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2302.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2439.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2536.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2703.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2593.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2605.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2065.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2171.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2238.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2367.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2379.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2501.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2622.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2691.xml createuser.sh
File opened for modification /tmp/conf/directory/default/2692.xml createuser.sh