[Virus Sample] FILES FOR AN ISC DIARY (EMOTET WITH COBALT STRIKE) (61X)

傻猪猪米走鸡
Posted on 2022-2-10 12:42:32
ESET 32x
Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
2022/2/10 12:40:52;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch4-malspam-and-malware\epoch4-attachments\004384335661176.xls;VBA/TrojanDownloader.Agent.XJU trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;110D61465A08E6AA4DB2CC93A023B04510ACA004;2022/2/10 12:40:50
2022/2/10 12:40:53;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch4-malspam-and-malware\epoch4-attachments\72448317_Dt_02082022.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;5FF2604943319FD6179ECF99B01657C12EA9B3C0;2022/2/10 12:40:50
2022/2/10 12:40:53;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch4-malspam-and-malware\epoch4-attachments\2022-02-08_1106.xls;VBA/TrojanDownloader.Agent.XJU trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;80B564A3AD4717F815021F06E7B9F30FD91FFAE8;2022/2/10 12:40:50
2022/2/10 12:40:53;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch4-malspam-and-malware\epoch4-attachments\CN89519057404.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;29D0E1FD88E7C24F9C6BDAB106ED8CA233A80A88;2022/2/10 12:40:50
2022/2/10 12:40:54;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch4-malspam-and-malware\epoch4-attachments\FXT984190232654402056916932.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;EDF9539101767CB6D85ACE9CC46E922B9FF569E5;2022/2/10 12:40:51
2022/2/10 12:40:54;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch4-malspam-and-malware\epoch4-attachments\HM98072383360711.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;E54466E41B73B4D472EDFF13E3E9898BC7ED1304;2022/2/10 12:40:51
2022/2/10 12:40:54;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch4-malspam-and-malware\epoch4-attachments\COVID results.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;0A74BAF24A22C4E63736639591F8A71470AA8A9E;2022/2/10 12:40:51
2022/2/10 12:40:54;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch4-malspam-and-malware\epoch4-attachments\NK85847647310.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;E354FCA15BE3BC5D1A616C8BA8E85B9E00FF91E0;2022/2/10 12:40:51
2022/2/10 12:40:56;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch4-malspam-and-malware\epoch4-attachments\IBEYX727216178510.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;FABBF6A830B49D0249E07791AA692D21391F4A57;2022/2/10 12:40:51
2022/2/10 12:40:56;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch4-malspam-and-malware\epoch4-attachments\Invoice for payment.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;E9B3486F2CDB6628F2FED48106B055A47FE88665;2022/2/10 12:40:51
2022/2/10 12:40:56;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch4-malspam-and-malware\epoch4-attachments\Interstate Authority LLC.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;831799E517AAA107F0991CEB9DD7A029717E4A70;2022/2/10 12:40:51
2022/2/10 12:40:56;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch4-malspam-and-malware\epoch4-attachments\Payment Details.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;A1606BA8CDB4EE8A021901CA41B0B69C63E133B8;2022/2/10 12:40:51
2022/2/10 12:40:57;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch4-malspam-and-malware\epoch4-attachments\RCI.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;4531DB2C221B71C24169F727AFCDE8A94938EC66;2022/2/10 12:40:51
2022/2/10 12:40:57;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch4-malspam-and-malware\epoch4-attachments\RRJE28664385309280995.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;E9D02EF80DD22E5F907342EAC8A642AD9251B41D;2022/2/10 12:40:51
2022/2/10 12:40:57;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch4-malspam-and-malware\epoch4-malware-and-artifacts\JooSee.dll;Win32/Emotet.CQ trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;BEAC64292CBC823099C0FFE674FB353312DEF16F;2022/2/10 12:40:51
2022/2/10 12:40:57;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch5-malspam-and-malware-with-Cobalt-Strike-sample\epoch5-attachments\38 0802.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;9A5EE04F6911307D0DD9F38DFD363C68D0CD727D;2022/2/10 12:40:55
2022/2/10 12:40:59;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch5-malspam-and-malware-with-Cobalt-Strike-sample\epoch5-attachments\4089_08022022.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;5E0528C9CAEE2F01A3D7D7BC9349733D3243B6E6;2022/2/10 12:40:55
2022/2/10 12:41:00;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch5-malspam-and-malware-with-Cobalt-Strike-sample\epoch5-attachments\DOCUMENT-66644855.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;0F34963D831A7DA8E98460B70A3B1888BE7FBA50;2022/2/10 12:40:55
2022/2/10 12:41:00;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch5-malspam-and-malware-with-Cobalt-Strike-sample\epoch5-attachments\DATA-66.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;4D37FD7923997FA56627F6D972A0E59386607683;2022/2/10 12:40:55
2022/2/10 12:41:00;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch5-malspam-and-malware-with-Cobalt-Strike-sample\epoch5-attachments\Attachment_3.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;5EB1438E94D1DA9981D211BE4E810D90EEA5B656;2022/2/10 12:40:55
2022/2/10 12:41:01;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch5-malspam-and-malware-with-Cobalt-Strike-sample\epoch5-attachments\doc_08022022.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;2D90C76CDB4374D71CA1084C8CE794404128DABE;2022/2/10 12:40:55
2022/2/10 12:41:01;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch5-malspam-and-malware-with-Cobalt-Strike-sample\epoch5-attachments\Documentos 0802.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;FFB82411FCA8D67CC5439CAE984BC905007F7DDC;2022/2/10 12:40:55
2022/2/10 12:41:01;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch5-malspam-and-malware-with-Cobalt-Strike-sample\epoch5-attachments\Dokument_68.xls;VBA/TrojanDownloader.Agent.XJU trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;8A1D0F08EAF1FF552D71082BED5A8324DCE6B137;2022/2/10 12:40:55
2022/2/10 12:41:01;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch5-malspam-and-malware-with-Cobalt-Strike-sample\epoch5-attachments\FILE-0802.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;C5DAAE235AEB90299583AA55BB80A5589644B49C;2022/2/10 12:40:55
2022/2/10 12:41:02;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch5-malspam-and-malware-with-Cobalt-Strike-sample\epoch5-attachments\nk_3.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;CCE5AEA3DD5D751083AC96D61F46B446A614A872;2022/2/10 12:40:55
2022/2/10 12:41:03;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch5-malspam-and-malware-with-Cobalt-Strike-sample\epoch5-attachments\report_50513389.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;2671019495BAAC2F53E3760184CCE0768671DDF5;2022/2/10 12:40:55
2022/2/10 12:41:03;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch5-malspam-and-malware-with-Cobalt-Strike-sample\epoch5-attachments\h 0802.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;35EDBFEF8A43C8C4B705956131B318D8E338DE03;2022/2/10 12:40:55
2022/2/10 12:41:03;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch5-malspam-and-malware-with-Cobalt-Strike-sample\epoch5-attachments\untitled 5937452512.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;B4BEE09A06586065A13BF3CDF878479B7A6838BC;2022/2/10 12:40:55
2022/2/10 12:41:05;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch5-malspam-and-malware-with-Cobalt-Strike-sample\epoch5-attachments\untitled_08022022.xls;VBA/TrojanDropper.Agent.CLG trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;A60E37EEFF85BD94314F7B18DB8E15CA69CADE4B;2022/2/10 12:40:55
2022/2/10 12:41:05;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch5-malspam-and-malware-with-Cobalt-Strike-sample\epoch5-malware-and-artifacts\gtrhfxlqswyy.dll;Win64/TrojanDownloader.Agent.OE trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;62964395BBC5FBEE65DAC62E0233CE8377674B2C;2022/2/10 12:40:55
2022/2/10 12:41:05;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch5-malspam-and-malware-with-Cobalt-Strike-sample\epoch5-malware-and-artifacts\Milossd.dll;Win32/Emotet.CQ trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;E38BCF31E93DFA0A2D75FBEA1384A73B12461530;2022/2/10 12:40:55
2022/2/10 12:41:05;Real-time file system protection;file;C:\Users\Administrator\Downloads\Emotet-epoch4-malspam-and-malware\Emotet-epoch5-malspam-and-malware-with-Cobalt-Strike-sample\epoch5-malware-and-artifacts\qohjzcupnjkcuu.ddd;a variant of Win32/Kryptik.HOHO trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;B9C54FC7A5BF5D570845F6752E37EDE55D56D927;2022/2/10 12:40:55


傻猪猪米走鸡
Posted on 2022-2-10 12:44:04
秋日之殇 posted on 2022-2-10 10:56:
Kaspersky left only the email samples and killed everything else; one of them was an xls document that Kaspersky cleaned.

ESET is the same.
火绒工程师
Posted on 2022-2-10 14:24:55
00006666 posted on 2022-2-10 12:39:
@火绒工程师 please analyze the samples and add them to the database.

They have already been added to the database for analysis. Many thanks.
NT狼狼
Posted on 2022-2-10 15:36:49
Duba 26x
数字 13x
ANY.LNK
Posted on 2022-2-11 07:45:52
MS Defender: extracted + scanned, everything cleared; for all of the emails, the malicious parts were deleted.
Copyright © KaFan  KaFan.cn All Rights Reserved.