Hidden menace: Peeling back the secrets of OnionCrypter - Avast Threat Labs
Tags
| attack-pattern: | Data Hooking - T1617 Malware - T1587.001 Malware - T1588.001 Software - T1592.002 Tool - T1588.002 Hooking - T1179 Hooking |
Common Information
| Type | Value |
|---|---|
| UUID | e157c4da-4265-4b54-aabb-b0d288a19b95 |
| Fingerprint | aaa15b11e9bf16e1 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | March 17, 2021, 12:58 p.m. |
| Added to db | Feb. 18, 2023, 1:12 a.m. |
| Last updated | Nov. 18, 2024, 3:30 p.m. |
| Headline | Hidden menace: Peeling back the secrets of OnionCrypter |
| Title | Hidden menace: Peeling back the secrets of OnionCrypter - Avast Threat Labs |
| Detected Hints/Tags/Attributes | 54/1/12 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://decoded.avast.io/jakubkaloc/onion-crypter/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4134 | github.com |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 5 | kernell32.dll |
|
| Details | File | 229 | advapi32.dll |
|
| Details | File | 534 | ntdll.dll |
|
| Details | File | 1 | event_names.txt |
|
| Details | File | 1 | extract_event_names.py |
|
| Details | Github username | 12 | avast |
|
| Details | Url | 1 | https://github.com/avast/ioc/tree/master/onioncrypter/samples.sha256 |
|
| Details | Url | 1 | https://github.com/avast/ioc/tree/master/onioncrypter/event_names.txt |
|
| Details | Url | 1 | https://github.com/avast/ioc/tree/master/onioncrypter |
|
| Details | Url | 1 | https://github.com/avast/ioc/tree/master/onioncrypter/extras/extract_event_names.py |