2020-04-17 - QAKBOT (QBOT) SPX99

显示全部楼层 · 发表于 2020-4-18 20:30:54

本帖最后由 YorkWaugh 于 2020-4-18 20:34 编辑

好久没来了，来诈个尸：https://ww.lanzous.com/ibkl4md
其他样本：https://ww.lanzous.com/b0159g2mb
0140012.zip (101,528 bytes)
2020-04-17-Qakbot-EXE-spx99-example-1-of-4.bin (2,295,808 bytes)
2020-04-17-Qakbot-EXE-spx99-example-2-of-4.bin (2,295,808 bytes)
2020-04-17-Qakbot-EXE-spx99-example-3-of-4.bin (2,295,808 bytes)
2020-04-17-Qakbot-EXE-spx99-example-4-of-4.bin (2,295,808 bytes)
2164939.zip (98,776 bytes)
50208.zip (95,056 bytes)
82386.zip (100,122 bytes)

显示全部楼层 · 发表于 2020-4-18 20:39:13

红伞清空

显示全部楼层 · 发表于 2020-4-18 20:41:25

Avast清空

显示全部楼层 · 发表于 2020-4-18 21:07:47

Norton
扫描VBS的好像都Miss了
双击
这...算拦住了吗

显示全部楼层 · 发表于 2020-4-18 21:12:16

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
2020/4/18 21:09:57;Real-time file system protection;file;C:\Users\Galaxy\Downloads\2020-04-17-Qakbot-spx99-malware-samples\2020-04-17-Qakbot-EXE-spx99-example-1-of-4.bin;a variant of Win32/GenKryptik.EILP trojan;cleaned by deleting;DESKTOP-NV3EN59\Galaxy;Event occurred on a new file created by the application: C:\Windows\explorer.exe (421C8FE40D4A8B70547DCCD21D924B3C58C26F89).;111D219DFB11EE95F4B558E2ACF0F19977ACDDAE;2020/4/18 21:09:55
2020/4/18 21:09:58;Real-time file system protection;file;C:\Users\Galaxy\Downloads\2020-04-17-Qakbot-spx99-malware-samples\2020-04-17-Qakbot-EXE-spx99-example-2-of-4.bin;a variant of Win32/GenKryptik.EILP trojan;cleaned by deleting;DESKTOP-NV3EN59\Galaxy;Event occurred on a new file created by the application: C:\Windows\explorer.exe (421C8FE40D4A8B70547DCCD21D924B3C58C26F89).;F2AD8B80AE7EFEF7DFFFEEB83456456731264FC3;2020/4/18 21:09:56
2020/4/18 21:09:59;Real-time file system protection;file;C:\Users\Galaxy\Downloads\2020-04-17-Qakbot-spx99-malware-samples\2020-04-17-Qakbot-EXE-spx99-example-3-of-4.bin;a variant of Win32/GenKryptik.EILP trojan;cleaned by deleting;DESKTOP-NV3EN59\Galaxy;Event occurred on a new file created by the application: C:\Windows\explorer.exe (421C8FE40D4A8B70547DCCD21D924B3C58C26F89).;4768323A806F3F76741B28B78A2F84641191B14A;2020/4/18 21:09:57
2020/4/18 21:10:00;Real-time file system protection;file;C:\Users\Galaxy\Downloads\2020-04-17-Qakbot-spx99-malware-samples\2020-04-17-Qakbot-EXE-spx99-example-4-of-4.bin;a variant of Win32/GenKryptik.EILP trojan;cleaned by deleting;DESKTOP-NV3EN59\Galaxy;Event occurred on a new file created by the application: C:\Windows\explorer.exe (421C8FE40D4A8B70547DCCD21D924B3C58C26F89).;5692F839A7FCAB0188BB98D60AFDA038A450FD89;2020/4/18 21:09:57
2020/4/18 21:11:41;Real-time file system protection;file;C:\Users\Galaxy\Downloads\2020-04-17-Qakbot-spx99-malware-samples\0140012\NUM_54386.vbs;VBS/TrojanDownloader.Agent.TIV trojan;cleaned by deleting;DESKTOP-NV3EN59\Galaxy;Event occurred on a new file created by the application: C:\Program Files (x86)\360\360zip\360zip.exe (C2085BBEE171ABAAA42BD3D8209596747E3710B8).;73C40AEAE1B2EEF6CCAEC2B4EB94DA0520269FB6;2020/4/18 21:11:36
2020/4/18 21:11:41;Real-time file system protection;file;C:\Users\Galaxy\Downloads\2020-04-17-Qakbot-spx99-malware-samples\0140012\NUM_71700.vbs;VBS/TrojanDownloader.Agent.TIV trojan;cleaned by deleting;DESKTOP-NV3EN59\Galaxy;Event occurred on a new file created by the application: C:\Program Files (x86)\360\360zip\360zip.exe (C2085BBEE171ABAAA42BD3D8209596747E3710B8).;015308AB1FE11BB05A10C33A71188FCA18AD16F7;2020/4/18 21:11:35
2020/4/18 21:11:42;Real-time file system protection;file;C:\Users\Galaxy\Downloads\2020-04-17-Qakbot-spx99-malware-samples\0140012\NUM_50905.vbs;VBS/TrojanDownloader.Agent.TIV trojan;cleaned by deleting;DESKTOP-NV3EN59\Galaxy;Event occurred on a new file created by the application: C:\Program Files (x86)\360\360zip\360zip.exe (C2085BBEE171ABAAA42BD3D8209596747E3710B8).;6405B6C167D0454DDBA36A54AE1E8625CC742BC6;2020/4/18 21:11:35
2020/4/18 21:11:42;Real-time file system protection;file;C:\Users\Galaxy\Downloads\2020-04-17-Qakbot-spx99-malware-samples\0140012\NUM_353.vbs;VBS/TrojanDownloader.Agent.TIV trojan;cleaned by deleting;DESKTOP-NV3EN59\Galaxy;Event occurred on a new file created by the application: C:\Program Files (x86)\360\360zip\360zip.exe (C2085BBEE171ABAAA42BD3D8209596747E3710B8).;99D099FA960A924A2E89669DC22813C3CF75FFD1;2020/4/18 21:11:35

By ESET

显示全部楼层 · 发表于 2020-4-18 21:56:49

本帖最后由心醉咖啡于 2020-4-18 22:07 编辑

21.56毒霸0
22.07

扫描时间：[2020-04-18 22:06:57]
扫描用时：[00:00:07]
扫描类型：自定义查杀
扫描文件总数：12
扫描速度：1文件/秒
发现威胁：4个
清除威胁：4个
=============================================
[2020-04-18 22:07:10]
威胁：e:\浏览器下载\2020-04-17-qakbot-spx99-malware-samples\2020-04-17-qakbot-exe-spx99-example-1-of-4.bin
类型：win32.troj.banker.(kcloud)
处理方式：删除
[2020-04-18 22:07:10]
威胁：e:\浏览器下载\2020-04-17-qakbot-spx99-malware-samples\2020-04-17-qakbot-exe-spx99-example-2-of-4.bin
类型：win32.troj.banker.(kcloud)
处理方式：删除
[2020-04-18 22:07:10]
威胁：e:\浏览器下载\2020-04-17-qakbot-spx99-malware-samples\2020-04-17-qakbot-exe-spx99-example-3-of-4.bin
类型：win32.troj.banker.(kcloud)
处理方式：删除
[2020-04-18 22:07:10]
威胁：e:\浏览器下载\2020-04-17-qakbot-spx99-malware-samples\2020-04-17-qakbot-exe-spx99-example-4-of-4.bin
类型：win32.troj.banker.(kcloud)
处理方式：删除

复制代码

显示全部楼层 · 发表于 2020-4-18 22:10:19

卡巴清空

显示全部楼层 · 发表于 2020-4-18 22:20:16

ESET
0140012.zip > ZIP > NUM_71700.vbs - VBS/TrojanDownloader.Agent.TIV 特洛伊木马
2020-04-17-Qakbot-EXE-spx99-example-1-of-4.bin - Win32/GenKryptik.EILP 特洛伊木马的变种
2020-04-17-Qakbot-EXE-spx99-example-2-of-4.bin - Win32/GenKryptik.EILP 特洛伊木马的变种
2020-04-17-Qakbot-EXE-spx99-example-3-of-4.bin - Win32/GenKryptik.EILP 特洛伊木马的变种
2020-04-17-Qakbot-EXE-spx99-example-4-of-4.bin - Win32/GenKryptik.EILP 特洛伊木马的变种
2164939.zip > ZIP > NUM_353.vbs - VBS/TrojanDownloader.Agent.TIV 特洛伊木马
50208.zip > ZIP > NUM_50905.vbs - VBS/TrojanDownloader.Agent.TIV 特洛伊木马
82386.zip > ZIP > NUM_54386.vbs - VBS/TrojanDownloader.Agent.TIV 特洛伊木马

[病毒样本] 2020-04-17 - QAKBOT (QBOT) SPX99

评分

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源