#银狐 (2023-06-19)

显示全部楼层 · 发表于 2023-6-19 15:30:16

本帖最后由 swizzer 于 2023-6-19 15:52 编辑

https://t.wss.ink/f/bhpswv6k9ur

BEST missed.

显示全部楼层 · 发表于 2023-6-19 15:39:36

卡巴杀一个dll文件

显示全部楼层 · 发表于 2023-6-19 15:43:13

火绒
扫描&双击均MISS

显示全部楼层 · 发表于 2023-6-19 15:59:29

腾管 kill dll文件

显示全部楼层 · 发表于 2023-6-19 16:23:48

We have received an update from our Antimalware Team in which we are informed that the file is malicious and detection will be added where needed in the next couple of updates.
• File ada_exe[6941e650acc328a77edde817941da0d2] declared CLEAN
• File hxgetword64_dll[b55243dad303b95238d4487b502fb540] declared INFECTED
Please let us know if there is anything else we can assist you with or if we may close this case.

显示全部楼层 · 发表于 2023-6-19 16:46:35

Avira miss all

显示全部楼层 · 发表于 2023-6-19 16:50:51

Avast miss

显示全部楼层 · 发表于 2023-6-19 16:53:08

crowdstrike dll解压杀，剩下exe无法运行

显示全部楼层 · 发表于 2023-6-19 17:16:48

EMSI 蜘蛛 miss

显示全部楼层 · 发表于 2023-6-19 17:18:11

SentinelOne
Behavior AI killed

Injection
Library was injected to a remote process
MITRE : Defense Evasion [T1055]
MITRE : Privilege Escalation [T1055]

Exploitation
Detected a shellcode that loads a DLL with socket APIs after process creation
MITRE : Defense Evasion [T1055.001]
MITRE : Privilege Escalation [T1055.001]
Detected Malicious shellcode execution
MITRE : Execution [T1059][T1203]

[病毒样本] #银狐 (2023-06-19)

本帖子中包含更多资源

本帖子中包含更多资源

评分