郵箱伺服器收到的可疑文件x1

显示全部楼层 · 发表于 2022-7-26 09:55:26

密碼：infected

今天又來一個樣本
卡巴斯基只分析出有可疑行為，但是判定安全
感覺又要有一波感染潮了

Suspicious activity
File time attributes modification via SetFileTime (MITRE: T1070.006 Indicator Removal on Host: Timestomp)
Sandbox.SuspiciousEvents.Template.set_fake_file_time

Kaspersky
https://opentip.kaspersky.com/384D7FC0BB89B0FEC770A1FFFD775F9DEE8E6CA461D443B6CFE9FC867F008674/

Virustotal
https://www.virustotal.com/gui/file/384d7fc0bb89b0fec770a1fffd775f9dee8e6ca461d443b6cfe9fc867f008674

Intezer
https://analyze.intezer.com/analyses/4f548177-8e55-4d00-8b3d-18aa3c905678/genetic-analysis

显示全部楼层 · 发表于 2022-7-26 10:10:40

ATD kill

Potentially malicious application blocked
Feature: Advanced Threat DefenseYou must restart your device to finalize the cleaning process.Application TNT_AWB_AND_INVOICE_06859.exe has been detected as potentially malicious and was blocked.Application path: E:\infected\TNT_AWB_AND_INVOICE_06859\TNT_AWB_AND_INVOICE_06859.exeCommand line parameters: "E:\infected\TNT_AWB_AND_INVOICE_06859\TNT_AWB_AND_INVOICE_06859.exe" Detection ID: SuspiciousBehavior.D578C980347A7E2B

Bitdefender moved a threat to quarantine. File name: C:\Users\____ \AppData\Roaming\Microsoft\Windows\Start Menu\Ironhandedly\Sideage\Lactiferous\nubilous\Ukasen\rt64win7.sys
Bitdefender moved a threat to quarantine. File name: E:\infected\TNT_AWB_AND_INVOICE_06859\TNT_AWB_AND_INVOICE_06859.exe

显示全部楼层 · 发表于 2022-7-26 10:18:19

McAfee RP 1x

显示全部楼层 · 发表于 2022-7-26 10:41:20

智量
扫描：Heur.ML.PE.A
双击（实体机）：WIBD:HEUR.MalBehavior.B

感觉不太行啊，连静态扫描都过不了（

显示全部楼层 · 发表于 2022-7-26 10:43:32

Microsoft
Trojan:Win32/Sabsik.FL.B!ml

复制代码

显示全部楼层 · 发表于 2022-7-26 10:45:18

本帖最后由 huangzihang 于 2022-7-26 11:05 编辑

反沙盒
这个猎鹰的报法真是奇怪啊，信效度？置信水平？
在不发生第一类错误的前提下，有60%把握认为它是恶意的的意思...?

显示全部楼层 · 发表于 2022-7-26 10:51:16

Malwarebytes、卡巴、火绒，miss

显示全部楼层 · 发表于 2022-7-26 10:59:39

Hello,

New malicious software was found in the attached file. Its detection will be included in the next update.
HEUR:Trojan-Dropper.Win32.Agent.gen
Thank you for your help.

Best regards, Maxim Starodubov, Malware analyst, Kaspersky Lab

显示全部楼层 · 发表于 2022-7-26 11:01:25

双击，监控报毒

显示全部楼层 · 发表于 2022-7-26 11:01:55

pal家族发表于 2022-7-26 02:59
Hello,

New malicious software was found in the attached file. Its detection will be included in t ...

这回复真快

[可疑文件] 郵箱伺服器收到的可疑文件x1

本帖子中包含更多资源

评分

本帖子中包含更多资源

浏览过的版块