Crackonosh: A New Malware Distributed in Cracked Software - Avast Threat Labs
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 7122829b-4716-487c-bee2-953c2891439d |
| Fingerprint | 6424797b8533c44d |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | June 24, 2021, 9:39 a.m. |
| Added to db | Sept. 11, 2022, 12:46 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Crackonosh: A New Malware Distributed in Cracked Software |
| Title | Crackonosh: A New Malware Distributed in Cracked Software - Avast Threat Labs |
| Detected Hints/Tags/Attributes | 67/1/129 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | first.universalwebsolutions.info |
|
| Details | Domain | 1 | second.universalwebsolutions.info |
|
| Details | Domain | 1 | getnewupdatesdownload.net |
|
| Details | Domain | 1 | webpublicservices.org |
|
| Details | Domain | 1 | fgh.roboticseldomfutures.info |
|
| Details | Domain | 1 | anter.roboticseldomfutures.info |
|
| Details | Domain | 1 | any.tshirtcheapbusiness.net |
|
| Details | Domain | 1 | lef.loadtubevideos.com |
|
| Details | Domain | 1 | levi.loadtubevideos.com |
|
| Details | Domain | 1 | gof.planetgoodimages.info |
|
| Details | Domain | 1 | dus.bridgetowncityphotos.org |
|
| Details | Domain | 1 | ofl.bridgetowncityphotos.org |
|
| Details | Domain | 1 | duo.motortestingpublic.com |
|
| Details | Domain | 1 | asw.animegogofilms.info |
|
| Details | Domain | 1 | wc.animegogofilms.info |
|
| Details | Domain | 1 | enu.andromediacenter.net |
|
| Details | Domain | 1 | dnn.duckduckanimesdownload.net |
|
| Details | Domain | 1 | vfog.duckduckanimesdownload.net |
|
| Details | Domain | 1 | sto.genomdevelsites.org |
|
| Details | Domain | 1 | sc.stocktradingservices.org |
|
| Details | Domain | 1 | ali.stocktradingservices.org |
|
| Details | Domain | 1 | fgo.darestopedunno.com |
|
| Details | Domain | 1 | dvd.computerpartservices.info |
|
| Details | Domain | 1 | efco.computerpartservices.info |
|
| Details | Domain | 1 | plo.antropoledia.info |
|
| Details | Domain | 1 | lp.junglewearshirts.net |
|
| Details | Domain | 1 | um.junglewearshirts.net |
|
| Details | Domain | 1 | fri.rainbowobservehome.net |
|
| Details | Domain | 1 | internal.videoservicesxvid.com |
|
| Details | Domain | 1 | daci.videoservicesxvid.com |
|
| Details | Domain | 1 | dow.moonexploringfromhome.info |
|
| Details | Domain | 1 | net.todayaniversarygifts.info |
|
| Details | Domain | 1 | sego.todayaniversarygifts.info |
|
| Details | Domain | 1 | pol.motorcyclesonthehighway.com |
|
| Details | Domain | 1 | any.andycopyprinter.net |
|
| Details | Domain | 1 | onl.andycopyprinter.net |
|
| Details | Domain | 1 | cvh.cheapjewelleryathome.info |
|
| Details | Domain | 1 | df.dvdstoreshopper.org |
|
| Details | Domain | 1 | efr.dvdstoreshopper.org |
|
| Details | Domain | 1 | sdf.expensivecarshomerepair.com |
|
| Details | Domain | 2 | www.tenforums.com |
|
| Details | File | 1 | winrmsrv.exe |
|
| Details | File | 1 | winscomrssrv.dll |
|
| Details | File | 1 | winlogui.exe |
|
| Details | File | 2 | maintenance.vbs |
|
| Details | File | 1 | serviceinstaller.msi |
|
| Details | File | 1 | serviceinstaller.exe |
|
| Details | File | 1 | serviceintaller.exe |
|
| Details | File | 1 | startupchecklibrary.dll |
|
| Details | File | 1 | wksprtcli.dll |
|
| Details | File | 40 | 7z.exe |
|
| Details | File | 1 | startupcheck.vbs |
|
| Details | File | 1 | %localappdata%\programs\common and creates in the windows task scheduler the tasks installwinsat to start maintenance.vbs |
|
| Details | File | 1 | startupchecklibrary.vbs |
|
| Details | File | 1 | windfn.exe |
|
| Details | File | 14 | msascuil.exe |
|
| Details | File | 1 | useraccountcontrolsettingsdevice.dat |
|
| Details | File | 1 | %localappdata%\programs\common file useraccountcontrolsettingsdevice.dat |
|
| Details | File | 1 | diskdriver.exe |
|
| Details | File | 1 | stratupchecklibrary.dll |
|
| Details | File | 1 | c:\windows\system32\wrsrvrcomd0.dll |
|
| Details | File | 1 | c:\windows\system32\winupdtemp_0.dat |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 30 | dumpcap.exe |
|
| Details | File | 24 | fiddler.exe |
|
| Details | File | 3 | frst.exe |
|
| Details | File | 7 | frst64.exe |
|
| Details | File | 1 | fse2.exe |
|
| Details | File | 2 | mbar.exe |
|
| Details | File | 1 | messageanalyzer.exe |
|
| Details | File | 19 | netmon.exe |
|
| Details | File | 5 | networkminer.exe |
|
| Details | File | 40 | ollydbg.exe |
|
| Details | File | 27 | procdump.exe |
|
| Details | File | 26 | procdump64.exe |
|
| Details | File | 64 | procexp.exe |
|
| Details | File | 40 | procexp64.exe |
|
| Details | File | 74 | procmon.exe |
|
| Details | File | 27 | procmon64.exe |
|
| Details | File | 6 | rawshark.exe |
|
| Details | File | 1 | rootkitremover.exe |
|
| Details | File | 5 | sdscan.exe |
|
| Details | File | 4 | sdwelcome.exe |
|
| Details | File | 5 | splunk.exe |
|
| Details | File | 4 | splunkd.exe |
|
| Details | File | 2 | spyhunter4.exe |
|
| Details | File | 117 | taskmgr.exe |
|
| Details | File | 9 | tshark.exe |
|
| Details | File | 35 | windbg.exe |
|
| Details | File | 2 | wireshark-gtk.exe |
|
| Details | File | 71 | wireshark.exe |
|
| Details | File | 28 | x32dbg.exe |
|
| Details | File | 23 | x64dbg.exe |
|
| Details | File | 5 | x96dbg.exe |
|
| Details | File | 1 | winlogui.dat |
|
| Details | File | 1 | perfdish001.dat |
|
| Details | File | 2 | install.msi |
|
| Details | File | 8 | install.vbs |
|
| Details | File | 1 | c:\program files\windows defender\ msascuil.exe |
|
| Details | File | 79 | regedit.exe |
|
| Details | File | 1 | 57567-restore-default-services-windows-10-a.html |
|
| Details | File | 4 | network.txt |
|
| Details | File | 2 | filenames.txt |
|
| Details | sha1 | 1 | f3764ec8078b4524428a8fc8119946f8e8d99a27 |
|
| Details | sha1 | 1 | 1063489f4bdd043f72f1bed6fa03086ad1d1de20 |
|
| Details | sha1 | 1 | b53b0887b5fd97e3247d7d88d4369bfc449585c5 |
|
| Details | sha256 | 1 | e497ee189e16caef7c881c1c311d994ae75695c5087d09051be59b0f0051a6cf |
|
| Details | sha256 | 1 | 65f39206fe7b706ded5d7a2db74e900d4fae539421c3167233139b5b5e125b8a |
|
| Details | sha256 | 1 | 4b01a9c1c7f0af74aa1da11f8bb3fc8ecc3719c2c6f4ad820b31108923ac7b71 |
|
| Details | sha256 | 1 | 7f836b445d979870172fa108a47ba953b0c02d2076cac22a5953eb05a683edd4 |
|
| Details | sha256 | 1 | 93a3b50069c463b1158a9bb3a8e3edf9767e8f412c1140903b9fe674d81e32f0 |
|
| Details | sha256 | 1 | 9ec3de9bb9462821b5d034d43a9a5de0715ff741e0c171adfd7697134b936fa3 |
|
| Details | sha256 | 1 | d8c092de1bf9b355e9799105b146baab8c77c4449ead2bdc4a5875769bb3fb8a |
|
| Details | sha256 | 1 | 6a3c8a3ca0376e295a2a9005dfba0eb55d37d5b7bf8fcf108f4fff7778f47584 |
|
| Details | sha256 | 1 | d7a9bf98aca2913699b234219ff8fdaa0f635e5dd3754b23d03d5c3441d94bfb |
|
| Details | sha256 | 1 | 8c52e5cc07710bf7f8b51b075d9f25cd2ece58fd11d2944c6ab9bf62b7fbfa05 |
|
| Details | sha256 | 1 | c6817d6afecdb89485887c0ee2b7ac84e4180323284e53994ef70b89c77768e1 |
|
| Details | sha256 | 1 | aaf2770f78a3d3ec237ca14e0cb20f4a05273ead04169342ddb989431c537e83 |
|
| Details | sha256 | 1 | 86cc68fbf440d4c61eec18b08e817bb2c0c52b307e673ae3ffb91ed6e129b273 |
|
| Details | sha256 | 1 | 1a57a37eb4cd23813a25c131f3c6872ed175abb6f1525f2fe15cff4c077d5df7 |
|
| Details | sha256 | 1 | 7bb5328fb53b5cd59046580c3756f736688cd298fe8846169f3c75f3526d3da5 |
|
| Details | sha256 | 1 | 5b85ceb558baaded794e4db8b8279e2ac42405896b143a63f8a334e6c6bba3fb |
|
| Details | sha256 | 1 | 5ab27eab926755620c948e7f7a1fdc957c657aeb285f449a4a32ef8b1add92ac |
|
| Details | Url | 1 | https://www.tenforums.com/tutorials/57567-restore-default-services-windows-10-a.html |
|
| Details | Windows Registry Key | 41 | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
|
| Details | Windows Registry Key | 44 | HKLM\SOFTWARE\Policies\Microsoft\Windows |
|
| Details | Windows Registry Key | 4 | HKLM\SOFTWARE\Microsoft\Security |
|
| Details | Windows Registry Key | 2 | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer |
|
| Details | Windows Registry Key | 164 | HKLM\SOFTWARE\Microsoft\Windows |