Danabot 白加黑 1X

hsks

https://wwtw.lanzouq.com/i4oYz1ekb5na

发错了（

秋日之殇

更新后的这个，执行后卡巴目前没有反应，网络连接正常建立

hsks

秋日之殇 发表于 2023-11-11 21:16
事件: 检测到恶意对象
应用程序名称: WinRAR.exe
应用程序路径: D:\WinRAR

草了，好像发错了，等下

dght432

寄了

心醉咖啡

金山毒霸

Hibike

DI killed.

UNknownOoo

火绒
扫描&双击均MISS

真小读者

瑞星1X

zfc234

McAfee 扫描双击均miss
运行一会儿后ManageEngine NGAV行为检测捉

Alert : Browser secret stealer

Process suspects malware detection known for dumping browser credentials and desktop .txt files.
Behavior : Local Scheduled Task Creation

A scheduled task can be used by an adversary to establish persistence, move laterally, and/or escalate privileges. By creating a scheduled task, adversaries can execute actions on a recurring basis, maintaining a foothold within the compromised environment.
MITRE Info
:
t1053 - scheduled_taskjob
Behavior : Process identified file dropping

Process identified behavior that may be indicative of various actions such as installing new software, delivering payloads, or planting malicious files for persistence or other malicious activities.
File Path
:
c:\users\noah\appdata\local\temp\63f7d63a.exe
Event Type
:
File Event
Operation
:
Create
Behavior : Browser secret stealer

Process suspects malware detection known for dumping browser credentials and desktop .txt files.
File Path
:
c:\users\noah\appdata\roaming\mozilla\firefox\profiles\7h6nwky2.default-release\cookies.sqlite
Event Type
:
File Event
Operation
:
Read
Behavior : Shortcut File Written or Modified for Persistence

Process identified files written to or modified in the startup folder by commonly abused processes. Adversaries may use this technique to maintain persistence. By modifying or creating shortcut files in the startup folder, adversaries can execute malicious actions at system startup, ensuring persistence and maintaining access to the compromised system.
MITRE Info
:
t1547 - boot_or_logon_autostart_execution
File Path
:
c:\users\noah\appdata\roaming\microsoft\windows\start menu\programs\startup\desktop.ini
Event Type
:
File Event
Operation
:
Read

GDHJDSYDH

EIS kill dll 2x
时间;扫描程序;对象类型;对象;检测;操作;用户;信息;哈希;此处首次所见
2023/11/11 13:15:48;文件系统实时防护;文件;C:\Users\gdhjd\Downloads\h\http_dll.dll;Win32/TrojanDownloader.Rugmi.AAN 特洛伊木马;已通过删除清除;在通过应用程序创建的新文件上发生了事件: C:\Program Files\Bandizip\Bandizip.exe (B3953181F83BE51347D6D214560084F22333027D).;E3C82AFCAD6DF979A0D35011D88B4352F8645409;2023/11/6 6:29:58
时间;扫描程序;对象类型;对象;检测;操作;用户;信息;哈希;此处首次所见
2023/11/11 13:15:48;文件系统实时防护;文件;C:\Users\gdhjd\Downloads\h\townspeople.7z;Win32/TrojanDownloader.Rugmi.ABQ 特洛伊木马;已通过删除清除;在通过应用程序创建的新文件上发生了事件: C:\Program Files\Bandizip\Bandizip.exe (B3953181F83BE51347D6D214560084F22333027D).;4BCA9BC331E30A619D56028C915F3067133D90E4;2023/11/6 6:29:58