恶意msi 白加黑 new

显示全部楼层 · 发表于 2023-6-19 20:04:34

https://pan.huang1111.cn/s/RZARsB

备用：https://t.wss.ink/f/bhrrgkzzpsf

显示全部楼层 · 发表于 2023-6-19 20:08:26

火绒扫描miss

显示全部楼层 · 发表于 2023-6-19 20:08:40

本帖最后由 swizzer 于 2023-6-19 20:34 编辑

The app C:\Users\Public\Documents\62O1P\EQ6d5@v1\ConsoleProxy.exe has been detected as a potentially unwanted application and was moved to quarantine.
Detection name: Application.Agent.LCC

复制代码

显示全部楼层 · 发表于 2023-6-19 20:10:21

Wps_ Setup.msi detected as PUP

显示全部楼层 · 发表于 2023-6-19 20:10:49

360 时间操作说明次数
2023-06-19 20:10:02 [已清除] 发现木马：Generic/Trojan.Generic.HnoATEcA 防护 1 次
详细描述：
木马名称：Generic/Trojan.Generic.HnoATEcA
所在路径：C:\Users\Aserdong\AppData\Local\Temp\360zip$Temp\360$0\WPS_Setup.msi

显示全部楼层 · 发表于 2023-6-19 20:13:07

显示全部楼层 · 发表于 2023-6-19 20:22:27

本帖最后由 anthonyqian 于 2023-6-20 08:31 编辑

ESET 0

The detection for this threat will be included in the next update of detection engine, expected version: 27435.

WPS_Setup.msi - Win32/Farfli.DCK trojan

显示全部楼层 · 发表于 2023-6-19 20:49:33

WD kill msi Trojan:Win32/Spursint.F!cl

显示全部楼层 · 发表于 2023-6-19 20:58:19

Avast miss

显示全部楼层 · 发表于 2023-6-19 21:07:43

SentinelOne
Shellcode detected

Persistence
Application registered itself to become persistent via service
MITRE : Privilege Escalation [T1543.003][T1547.001]
MITRE : Persistence [T1543.003][T1547.001]

Exploitation
Detected a shellcode that loads a DLL with socket APIs after process creation
MITRE : Defense Evasion [T1055.001]
MITRE : Privilege Escalation [T1055.001]

Reconnaissance
Network sniffing API DLL loaded
MITRE : Credential Access [T1040]
MITRE : Discovery [T1040]
A known network sniffing executable was run
MITRE : Credential Access [T1040]
MITRE : Discovery [T1040]

Evasion
Indirect command was executed
MITRE : Defense Evasion [T1218][T1202]

General
User logged on
MITRE : Persistence [T1078]
MITRE : Defense Evasion [T1078]
MITRE : Privilege Escalation [T1078]
MITRE : Initial Access [T1078]

[病毒样本] 恶意msi 白加黑 new

本帖子中包含更多资源