Analysis
-
max time kernel
150s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
20/11/2024, 14:58
Static task
static1
Behavioral task
behavioral1
Sample
createuser.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
createuser.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
createuser.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
createuser.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
createuser.sh
-
Size
431B
-
MD5
f952d2c4d4d093fbcc4c3f1dfe44a81c
-
SHA1
559a07342c0f2da1e5f17727061277c97e68e7df
-
SHA256
f8d97e0e08d339315d840f10cab3d70558b944ec203c3ed8595fed69aa36e345
-
SHA512
fd3d2979037f0c9f9b4b15808040d555b0ffd3c258a29f0febcb11fd7220e8324e9eefb51b79fad4abd33ba37d47f159b15d33ae12940697859f62b2ee4af089
Malware Config
Signatures
-
Writes file to tmp directory 64 IoCs
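Malware often drops required files in the /tmp directory. Taken alone this is a weak indicator, because legitimate scripts also write there. The conf/directory/default/<number>.xml layout in the entries below resembles a FreeSWITCH user-directory tree, so read the script's contents and compare the other behavioral tasks before treating these paths as indicators of compromise.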
| description | ioc | Process |
| --- | --- | --- |
| File opened for modification | /tmp/conf/directory/default/2345.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2268.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2734.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2488.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2640.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2684.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2278.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2540.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2738.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2830.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2075.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2200.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2701.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2153.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2254.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2806.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2028.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2579.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2449.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2638.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2404.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2610.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2371.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2448.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2518.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2809.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2169.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2554.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2058.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2081.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2351.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2462.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2611.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2725.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2591.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2627.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2692.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2163.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2273.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2737.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2203.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2341.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2020.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2076.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2678.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2068.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2303.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2594.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2598.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2639.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2009.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2060.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2195.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2527.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2582.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2008.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2691.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2705.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2015.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2054.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2151.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2652.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2659.xml | createuser.sh |
| File opened for modification | /tmp/conf/directory/default/2326.xml | createuser.sh |