#Qakbot #CobaltStrike 21X

hsks

https://cowtransfer.com/s/8cb6325cbb4d4a
https://ws28.cn/f/4wu2lgfkdim

hrh

卡巴剩6个

Nocria

IKARUS

1. [11.03.2021 19:44:56] On-demand scan started: "user_defined"
   
2. [11.03.2021 19:44:56] Found, 0.15s, SigName: "Trojan.Win64.Meterpreter", SigId: 3899606, Type: "VIRUS", File: "C:\Users\promi\Desktop\21X\0344fc48af9006159b0389fba7c35aaa87065b22b2a1058d2af3c9224ed63cb5.exe"
   
3. [11.03.2021 19:44:56] Found, 0.15s, SigName: "Trojan.Win32.Swrort", SigId: 2658631, Type: "VIRUS", File: "C:\Users\promi\Desktop\21X\287aae0d0192654d709742977dfb6219856096d8b05cf7592b2adfd96bb2d976.exe"
   
4. [11.03.2021 19:44:56] Found, 0.94s, SigName: "Trojan-Dropper.VBA.Agent", SigId: 4042511, Type: "VIRUS", File: "C:\Users\promi\Desktop\21X\2c006b92214580e0ac168aa8a1fc49b06ab6760ac7b7867b9a7d0c08086e800f.dll"
   
5. [11.03.2021 19:44:57] Found, 0.156s, SigName: "Trojan-Dropper.VBA.Agent", SigId: 4042511, Type: "VIRUS", File: "C:\Users\promi\Desktop\21X\43d618c4e6951f328cac882eb3391572607e1250292e851467341609cd565274.dll"
   
6. [11.03.2021 19:44:57] Found, 0.00s, SigName: "Trojan.SuspectCRC", SigId: 320080032, Type: "VIRUS", File: "C:\Users\promi\Desktop\21X\6402b54799c36e1e6cfc5975355fcb587b961e0d3821347a294074e76efeaa87.unknown"
   
7. [11.03.2021 19:44:57] Found, 0.16s, SigName: "Trojan.Win32.Rozena", SigId: 317375442, Type: "VIRUS", File: "C:\Users\promi\Desktop\21X\82b1cdd8869c550689bd5d5f6c387b21e84cd137730ed810cc2a3977560649cf.exe"
   
8. [11.03.2021 19:44:57] Found, 0.00s, SigName: "Trojan-Downloader.Win64.Agent", SigId: 4018518, Type: "VIRUS", File: "C:\Users\promi\Desktop\21X\a8979ed3ebb02513d366e126a8f5e2830f7590207dc30bb936fb0ddfe4bd543b.exe"
   
9. [11.03.2021 19:44:57] Found, 0.109s, SigName: "Trojan.PowerShell.Rozena", SigId: 3347275, Type: "VIRUS", File: "C:\Users\promi\Desktop\21X\bf2e8f662f7cff27920ca7c9b27277d1bdf67b58d727d6274e5c32e95d53a715.exe"
   
10. [11.03.2021 19:44:57] Found, 0.156s, SigName: "Trojan-Dropper.VBA.Agent", SigId: 4042511, Type: "VIRUS", File: "C:\Users\promi\Desktop\21X\ce0e493ea782f377bb2ff01ee340db536b848ba57cebe1172ca4c08e519b1e4b.dll"
    
11. [11.03.2021 19:44:57] Found, 0.47s, SigName: "Virus.Win64.Atosev", SigId: 3968370, Type: "VIRUS", File: "C:\Users\promi\Desktop\21X\d00d99db12720792ab5476b060329bab1e1d34ed27280a1da776c45820c59961.exe"
    
12. [11.03.2021 19:44:57] Found, 0.109s, SigName: "Trojan-Dropper.VBA.Agent", SigId: 4042511, Type: "VIRUS", File: "C:\Users\promi\Desktop\21X\d10ee3477d2ffdf7f6e54ec28f8e744506949f52823810789a4ef90b37b256c9.dll"
    
13. [11.03.2021 19:44:57] Found, 0.156s, SigName: "Trojan-Dropper.VBA.Agent", SigId: 4042511, Type: "VIRUS", File: "C:\Users\promi\Desktop\21X\de3e8d2119f640a76193181eecf18b8eb003ba64e4b146a78dbb5abc6ea231da.dll"
    
14. [11.03.2021 19:44:57] Found, 0.16s, SigName: "Trojan.Win32.Swrort", SigId: 2658631, Type: "VIRUS", File: "C:\Users\promi\Desktop\21X\fe6dcf38ecfeb4612ff8c59aa72afad19222bc181464e4b4690f19045bb2f9b5.exe"
    
15. [11.03.2021 19:44:57] On-demand scan FINISHED: "user_defined"
    
16. [11.03.2021 19:44:57] ----------------------------------------------------
    
17. [11.03.2021 19:44:57] Directories scanned: 1
    
18. [11.03.2021 19:44:57] Files scanned: 21
    
19. [11.03.2021 19:44:57] Virus found: 13
    
20. [11.03.2021 19:44:57] ----------------------------------------------------
    

复制代码

k2132

火绒 19个  智量 21个   最后2个文件 改扩展名 ps1

Kinhold

* Avast 扫描报告
* 该文件是自动生成的
*
* 扫描名称: 从 Windows 资源管理器进行扫描
* 开始于: 2021年3月11日 20:07:43
* VPS: 210311-0, 2021/03/11
*

1) ...\21X\fe3b61c3418f28bbdabc03c50ef6b31ccd5d9eaa0a7090a361f869690f7d95d9.exe [L] Win64:Malware-gen (0)

2) ...\21X\8b0efadbbaf1ed74144a03d0e89d605df945ec4b00d2d2794a5a23f2b4a967ff.dll [L] Win32:DangerousSig [Trj] (0)

3) ...\21X\43d618c4e6951f328cac882eb3391572607e1250292e851467341609cd565274.dll [L] Win32:DangerousSig [Trj] (0)

4) ...\21X\287aae0d0192654d709742977dfb6219856096d8b05cf7592b2adfd96bb2d976.exe [L] Win32:HacktoolX-gen [Trj] (0)

5) ...\21X\6402b54799c36e1e6cfc5975355fcb587b961e0d3821347a294074e76efeaa87.unknown [L] PwrSh:Agent-E [Trj] (0)

6) ...\21X\56619f4dc02380fa3a281c0303a90027bc1bb07e6f0527d740d8c49a0ff0bcb4.dll [L] Win32:DangerousSig [Trj] (0)

7) ...\21X\a939c0cfbde8a2a098a792d56e38114195052e8cb857943bbe7e287a701fbab4.dll [L] Win32:DangerousSig [Trj] (0)

8) ...\21X\ce0e493ea782f377bb2ff01ee340db536b848ba57cebe1172ca4c08e519b1e4b.dll [L] Win32:DangerousSig [Trj] (0)

9) ...\21X\de3e8d2119f640a76193181eecf18b8eb003ba64e4b146a78dbb5abc6ea231da.dll [L] Win32:DangerousSig [Trj] (0)

10) ...\21X\d10ee3477d2ffdf7f6e54ec28f8e744506949f52823810789a4ef90b37b256c9.dll [L] Win32:DangerousSig [Trj] (0)

11) ...\21X\a8979ed3ebb02513d366e126a8f5e2830f7590207dc30bb936fb0ddfe4bd543b.exe [L] Win64:Malware-gen (0)

12) ...\21X\fe6dcf38ecfeb4612ff8c59aa72afad19222bc181464e4b4690f19045bb2f9b5.exe [L] Win32:HacktoolX-gen [Trj] (0)

13) ...\21X\611b8e22e90f2df191ab7e5522620c5350faf06d70b329647e044ce80d575e44.exe [L] FileRepMalware (0)

14) ...\21X\43b7e7aeba6649baa69f7a546970ad7e5f448398d1eb0b3d5f4f19ac20817ac5.unknown [L] PwrSh:Agent-E [Trj] (0)

15) ...\21X\bf2e8f662f7cff27920ca7c9b27277d1bdf67b58d727d6274e5c32e95d53a715.exe [L] FileRepMalware (0)

16) ...\21X\2c006b92214580e0ac168aa8a1fc49b06ab6760ac7b7867b9a7d0c08086e800f.dll [L] Win32:DangerousSig [Trj] (0)

17) ...\21X\f86eb10a728b912bfb98529ccc0e2dfedfe1bda9b12b8556dba19f810720a567.dll [L] Win32:DangerousSig [Trj] (0)

18) ...\21X\f02a2ffd0d812f94e12f5da5a7ae837a6fba97551b5a9ef8ec7cbfa6a15e929a.dll [L] Win32:DangerousSig [Trj] (0)

19) ...\21X\82b1cdd8869c550689bd5d5f6c387b21e84cd137730ed810cc2a3977560649cf.exe [L] FileRepMalware (0)

感染文件: 19
文件总计: 714
文件夹总计: 1
大小总计: 54.0 MB

*
* 扫描已停止: 2021年3月11日 20:09:14
* 运行时间是 1 分钟, 31 秒

心醉咖啡

360

1. 360杀毒扫描日志
   
2. 
   
3. 病毒库版本：
   
4. 扫描时间：2021-03-11 20:53:56
   
5. 扫描用时：00:00:02
   
6. 扫描类型：右键扫描
   
7. 扫描文件总数：21
   
8. 项目总数：14
   
9. 清除项目数：14
   
10. 
    
11. 扫描选项
    
12. ----------------------
    
13. 扫描所有文件：是
    
14. 扫描压缩包：是
    
15. 发现病毒处理方式：由用户选择处理
    
16. 扫描磁盘引导区：是
    
17. 扫描 Rootkit：是
    
18. 使用云查杀引擎：是
    
19. 使用QVM人工智能引擎：是
    
20. 扫描建议修复项：是
    
21. 常规引擎设置：未使用
    
22. 
    
23. 扫描内容
    
24. ----------------------
    
25. E:\浏览器下载\21X
    
26. 
    
27. 
    
28. 白名单设置
    
29. ----------------------
    
30. 
    
31. 
    
32. 扫描结果
    
33. ======================
    
34. 高危风险项
    
35. ----------------------
    
36. E:\浏览器下载\21X\0344fc48af9006159b0389fba7c35aaa87065b22b2a1058d2af3c9224ed63cb5.exe        Win64/Trojan.ShellCode.HgEASOkA        已删除
    
37. E:\浏览器下载\21X\287aae0d0192654d709742977dfb6219856096d8b05cf7592b2adfd96bb2d976.exe        感染型病毒(Win32/HackTool.CobaltStrike.HxMBqT8A)        已删除
    
38. E:\浏览器下载\21X\2c006b92214580e0ac168aa8a1fc49b06ab6760ac7b7867b9a7d0c08086e800f.dll        感染型病毒(Win32/Trojan.Bsymem.HgkASQkA)        已删除
    
39. E:\浏览器下载\21X\82b1cdd8869c550689bd5d5f6c387b21e84cd137730ed810cc2a3977560649cf.exe        木马程序(Generic/HEUR/QVM202.0.C777.Malware.Gen)        已删除
    
40. E:\浏览器下载\21X\611b8e22e90f2df191ab7e5522620c5350faf06d70b329647e044ce80d575e44.exe        感染型病毒(Win32/Trojan.Generic.HgIASQIA)        已删除
    
41. E:\浏览器下载\21X\bf2e8f662f7cff27920ca7c9b27277d1bdf67b58d727d6274e5c32e95d53a715.exe        感染型病毒(Win32/TrojanSpy.Cometer.HgIASQYA)        已删除
    
42. E:\浏览器下载\21X\a8979ed3ebb02513d366e126a8f5e2830f7590207dc30bb936fb0ddfe4bd543b.exe        Win64/HackTool.CobaltStrike.H8oAqJsA        已删除
    
43. E:\浏览器下载\21X\43d618c4e6951f328cac882eb3391572607e1250292e851467341609cd565274.dll        感染型病毒(Win32/Backdoor.QakBot.HgkASQkA)        已删除
    
44. E:\浏览器下载\21X\ce0e493ea782f377bb2ff01ee340db536b848ba57cebe1172ca4c08e519b1e4b.dll        感染型病毒(Win32/Trojan.Bsymem.HgkASQkA)        已删除
    
45. E:\浏览器下载\21X\d00d99db12720792ab5476b060329bab1e1d34ed27280a1da776c45820c59961.exe        Win64/Trojan.Swrort.HgEASOcA        已删除
    
46. E:\浏览器下载\21X\d10ee3477d2ffdf7f6e54ec28f8e744506949f52823810789a4ef90b37b256c9.dll        感染型病毒(Win32/Trojan.Bsymem.HgkASQkA)        已删除
    
47. E:\浏览器下载\21X\de3e8d2119f640a76193181eecf18b8eb003ba64e4b146a78dbb5abc6ea231da.dll        感染型病毒(Win32/Trojan.Bsymem.HgkASQkA)        已删除
    
48. E:\浏览器下载\21X\fe3b61c3418f28bbdabc03c50ef6b31ccd5d9eaa0a7090a361f869690f7d95d9.exe        Win64/Trojan.Generic.HgEASQIA        已删除
    
49. E:\浏览器下载\21X\fe6dcf38ecfeb4612ff8c59aa72afad19222bc181464e4b4690f19045bb2f9b5.exe        感染型病毒(Win32/HackTool.CobaltStrike.HxMByx8A)        已删除
    
50. 
    

复制代码

post88

SEP 清空