Warez users fell for Certishell - Avast Threat Labs
Tags
Common Information
| Type | Value |
|---|---|
| UUID | ee3475f8-3404-4957-8d3d-10fda18b17cf |
| Fingerprint | 25e619130d37afcf |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 21, 2022, 3:09 p.m. |
| Added to db | Sept. 11, 2022, 12:37 p.m. |
| Last updated | Nov. 17, 2024, 3:48 p.m. |
| Headline | Warez users fell for Certishell |
| Title | Warez users fell for Certishell - Avast Threat Labs |
| Detected Hints/Tags/Attributes | 75/2/64 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 100 | ✔ | Avast Threat Labs | https://decoded.avast.io/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | uloz.to |
|
| Details | Domain | 2 | sivpici.php5.sk |
|
| Details | Domain | 12 | www.autoitscript.com |
|
| Details | Domain | 1 | fr.fr |
|
| Details | Domain | 2 | freetips.php5.sk |
|
| Details | Domain | 317 | bit.ly |
|
| Details | Domain | 4 | blog.sevagas.com |
|
| Details | Domain | 2 | googleprovider.ru |
|
| Details | Domain | 65 | imgur.com |
|
| Details | File | 1 | sivpici.php |
|
| Details | File | 2 | que.vbs |
|
| Details | File | 1 | extractor.exe |
|
| Details | File | 2 | heslo.exe |
|
| Details | File | 10 | unrar.exe |
|
| Details | File | 93 | curl.exe |
|
| Details | File | 4 | start.php |
|
| Details | File | 1 | urlg.php |
|
| Details | File | 2 | packed.rar |
|
| Details | File | 26 | run.bat |
|
| Details | File | 17 | up.php |
|
| Details | File | 2 | installed.txt |
|
| Details | File | 5 | processes.txt |
|
| Details | File | 85 | log.txt |
|
| Details | File | 11 | winhost.exe |
|
| Details | File | 5 | reg.php |
|
| Details | File | 1 | updaver.php |
|
| Details | File | 2 | ad.php |
|
| Details | File | 156 | 1.exe |
|
| Details | File | 1 | _winapi_setwindowshookex.htm |
|
| Details | File | 2 | dwms.exe |
|
| Details | File | 10 | connect.php |
|
| Details | File | 4 | online.php |
|
| Details | File | 1 | exists.txt |
|
| Details | File | 26 | register.php |
|
| Details | File | 25 | load.php |
|
| Details | File | 1 | verzia.php |
|
| Details | File | 1 | freetips.php |
|
| Details | File | 1 | shot.bmp |
|
| Details | File | 3 | ad.txt |
|
| Details | File | 2 | iecache.exe |
|
| Details | File | 2 | heslo.txt |
|
| Details | File | 18 | crack.exe |
|
| Details | File | 2 | whats.txt |
|
| Details | File | 63 | ctfmon.exe |
|
| Details | File | 1 | systemcall.exe |
|
| Details | File | 2 | testdll.bin |
|
| Details | File | 23 | test.dll |
|
| Details | File | 2 | begin.rar |
|
| Details | File | 8 | install.vbs |
|
| Details | File | 1 | inv.vbs |
|
| Details | File | 2 | runner.bat |
|
| Details | File | 1 | nissrve.exe |
|
| Details | File | 2 | athos.exe |
|
| Details | File | 1 | bypassavdynamics.pdf |
|
| Details | File | 1 | ckksbsi.jpg |
|
| Details | sha256 | 3 | 6f2efc19263a3f4b4f8ea8d9fd643260dce5bef599940dae02b4689862bbb362 |
|
| Details | sha256 | 1 | 1ad309c8ee17718fb5aacf2587bd51bddb393c0240ee63faf7f890b7093db222 |
|
| Details | sha256 | 1 | 1d2eda5525725f919cb4ef4412272f059abf4b6f25de5dc3b0fca4ce6ef5dd8e |
|
| Details | sha256 | 3 | 90d99c4fe7f81533fb02cf0f1ff296cc1b2d88ea5c4c8567142bb455f435ee5b |
|
| Details | Url | 1 | https://www.autoitscript.com/autoit3/docs/libfunctions/_winapi_setwindowshookex.htm |
|
| Details | Url | 1 | https://blog.sevagas.com/img/pdf/bypassavdynamics.pdf |
|
| Details | Url | 1 | https://i.imgur.com/ckksbsi.jpg |
|
| Details | Windows Registry Key | 14 | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
| Details | Windows Registry Key | 1 | HKLM\Software\a |