13x #NimbleMamba

显示全部楼层 · 发表于 2022-2-10 11:36:28

本帖最后由 swizzer 于 2022-2-10 14:04 编辑

https://pan.huang1111.cn/s/NBo9H1

智量
发帖前扫描 9x

建议报MalCert/BadCert之类的测试下双击

显示全部楼层 · 发表于 2022-2-10 11:45:28

Rising 9

显示全部楼层 · 发表于 2022-2-10 11:46:41

本帖最后由正在缓冲于 2022-2-10 11:49 编辑

Avast 9x，上报

12.exe无法上报，因为文件大于50MB

显示全部楼层 · 发表于 2022-2-10 11:48:10

本帖最后由 swizzer 于 2022-2-10 11:49 编辑

Norton
扫描4x
双击无反应

显示全部楼层 · 发表于 2022-2-10 11:49:26

本帖最后由 761773275 于 2022-2-10 11:54 编辑

Sophos 杀6个，剩余7个

显示全部楼层 · 发表于 2022-2-10 11:59:01

本帖最后由 NICO-COOPER 于 2022-2-10 15:10 编辑

SecureAPLUS apex引擎剩余3x，剩余上传UAV APEX引擎kill 12.exe

双击secureAplus默认竟然是受信任程序，连签名都没有

11.exe目前VT只有四家报，上传了好久，分析了一分多钟。沙盒分析卡死了

剩余样本已打包上报

显示全部楼层 · 发表于 2022-2-10 12:09:49

卡巴杀了7个，剩余的已上报。

显示全部楼层 · 发表于 2022-2-10 12:27:51

ESET 剩余5个
Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
2022/2/10 12:24:50;Real-time file system protection;file;C:\Users\Administrator\Downloads\sVRm6ipQ_13x\13.exe;a variant of MSIL/Packed.VMProtect.C suspicious application;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;C50C4B501677B6E5E8D857CBCD61A714A0F3E5D3;2022/2/10 12:24:45
2022/2/10 12:24:52;Real-time file system protection;file;C:\Users\Administrator\Downloads\sVRm6ipQ_13x\7.vbs;VBS/TrojanDownloader.Agent.WQA trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;317078819529355745DE5EE4046F47DC86C43F60;2022/2/10 12:24:45
2022/2/10 12:24:52;Real-time file system protection;file;C:\Users\Administrator\Downloads\sVRm6ipQ_13x\2.exe;a variant of Win32/GenCBL.BHZ trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;7F1D0A31315BC35EB908703361D28453110CD67B;2022/2/10 12:24:45
2022/2/10 12:24:52;Real-time file system protection;file;C:\Users\Administrator\Downloads\sVRm6ipQ_13x\1.exe;a variant of MSIL/Agent.VDE trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;FD9AEE91518CC7CBE0790FCFCE00E28C120E9716;2022/2/10 12:24:45
2022/2/10 12:24:53;Real-time file system protection;file;C:\Users\Administrator\Downloads\sVRm6ipQ_13x\3.exe;a variant of MSIL/Agent.VDE trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;AF2C2AF7F4ADC7BD5A2AC8172F7A381CF92775A2;2022/2/10 12:24:45
2022/2/10 12:24:55;Real-time file system protection;file;C:\Users\Administrator\Downloads\sVRm6ipQ_13x\4.exe;a variant of MSIL/Agent.VDE trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;11F77A8DED03C4C2FAC217CDF1E414EF13DCE5C4;2022/2/10 12:24:45
2022/2/10 12:24:55;Real-time file system protection;file;C:\Users\Administrator\Downloads\sVRm6ipQ_13x\6.exe;a variant of Win32/GenCBL.BHZ trojan;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;5109DAA5647094AE023C905AB75E271893349BB3;2022/2/10 12:24:45
2022/2/10 12:24:56;Real-time file system protection;file;C:\Users\Administrator\Downloads\sVRm6ipQ_13x\12.exe;a variant of MSIL/Packed.VMProtect.C suspicious application;cleaned by deleting;RayFAE2BF70C900\Administrator;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (DD8FDBED80E89DB0AF76A44F8FC349BB43E55F6E).;D26DE283DA20FD0F21C6608B92EBFF9DD74C3F38;2022/2/10 12:24:43

显示全部楼层 · 发表于 2022-2-10 15:09:02

swizzer 发表于 2022-2-10 11:48
Norton
扫描4x
双击无反应

Norton：

2022/2/10 15:03:09,中,检测到 10.exe (WS.Reputation.1) (检测方: 下载智能分析),已隔离,已解决 - 不需要操作,已执行威胁操作: 1
2022/2/10 15:03:08,中,检测到 8.exe (WS.Reputation.1) (检测方: 下载智能分析),已隔离,已解决 - 不需要操作,已执行威胁操作: 1
2022/2/10 15:03:08,中,检测到 9.exe (WS.Reputation.1) (检测方: 下载智能分析),已隔离,已解决 - 不需要操作,已执行威胁操作: 1
2022/2/10 15:03:07,高,检测到 7.vbs (ISB.Downloader!gen68) (检测方: 下载智能分析),已隔离,已解决 - 不需要操作,已执行威胁操作: 1
2022/2/10 15:03:07,高,检测到 7.vbs (ISB.Downloader!gen60) (检测方: 下载智能分析),已隔离,已解决 - 不需要操作,已执行威胁操作: 1
2022/2/10 15:03:06,中,检测到 6.exe (WS.Reputation.1) (检测方: 下载智能分析),已隔离,已解决 - 不需要操作,已执行威胁操作: 1
2022/2/10 15:03:05,高,检测到 5.exe (Trojan.Gen.MBT) (检测方: 下载智能分析),已隔离,已解决 - 不需要操作,已执行威胁操作: 1
2022/2/10 15:03:05,高,检测到 5.exe (Heur.AdvML.C) (检测方: 下载智能分析),已隔离,已解决 - 不需要操作,已执行威胁操作: 1
2022/2/10 15:03:04,高,检测到 3.exe (Heur.AdvML.B) (检测方: 下载智能分析),已隔离,已解决 - 不需要操作,已执行威胁操作: 1
2022/2/10 15:03:04,高,检测到 4.exe (Trojan.Gen.MBT) (检测方: 下载智能分析),已隔离,已解决 - 不需要操作,已执行威胁操作: 1
2022/2/10 15:03:04,高,检测到 4.exe (Heur.AdvML.A) (检测方: 下载智能分析),已隔离,已解决 - 不需要操作,已执行威胁操作: 1
2022/2/10 15:03:03,高,检测到 3.exe (Trojan.Gen.MBT) (检测方: 下载智能分析),已隔离,已解决 - 不需要操作,已执行威胁操作: 1
2022/2/10 15:03:03,中,检测到 2.exe (WS.Reputation.1) (检测方: 下载智能分析),已隔离,已解决 - 不需要操作,已执行威胁操作: 1
2022/2/10 15:03:02,高,检测到 13.exe (Heur.AdvML.A) (检测方: 下载智能分析),已隔离,已解决 - 不需要操作,已执行威胁操作: 1
2022/2/10 15:03:01,高,检测到 1.exe (Heur.AdvML.B) (检测方: 下载智能分析),已隔离,已解决 - 不需要操作,已执行威胁操作: 1

复制代码

12.exe损坏，11.exe观察中（防火墙有提示，但是默认选项是始终允许）

显示全部楼层 · 发表于 2022-2-10 15:12:29

本帖最后由 swizzer 于 2022-2-10 15:21 编辑

编辑

[病毒样本] 13x #NimbleMamba

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块