远控 1x

GDHJDSYDH

DLL目前只有这个没有给正版用户端下发机学却在VT上有机学的越南AV通过机学报毒

aikafans

kuroandsan 发表于 2023-12-5 11:26
衍生物里那个dll似乎是黑的

dll目前也只有bkav一家报
https://www.virustotal.com/gui/f ... 3de49c860987024ef5a

kuroandsan

LeeHS 发表于 2023-12-5 11:31
crowdstrike exe双击后没反应，miss？

看看programdata下有没有随机名文件夹

anthonyqian

aikafans 发表于 2023-12-5 11:21
eis、norton、360miss、沙盒运行自动退出
另外，vt也是绿油油一片
https://www.virustotal.com/gui/file/ ...

白加黑 为什么要看白文件的vt结果……

t0kenzero

DI Kill



Cylance Kill




Elastic



顺便看下华为EDR撞到的HIPS吧

1. [2023-12-05 14:20:08.538][Info]        [6728] [GRAPH THREAT ROOT NULL]: [headUuid] {6882FA21-C1EE-6568-0000-00100F910300}, [headName] C:\Windows\System32\svchost.exe, [hitRule] TN01078
   
2. [2023-12-05 14:20:08.539][Info]        [6728] [HIPS ALERT]: Push, [ALERT INFO]: [threat_num]:TN01078, [severity]:4, [confidence_level]:75, [attack_count]:1, [ori_evt_count]:1, [disposal_count]:0
   
3. [2023-12-05 14:20:08.539][Info]        [6728] [HIPS ATTACK EVIDENCE]: [REG INFO] [operation_type]:102, [pid]:4700, [process_name]:svchost.exe, [file_path]:C:\Windows\System32\svchost.exe,
   
4. [parent_pid]:856, [parent_name]:services.exe,
   
5. [path]:\REGISTRY\USER\S-1-5-21-1581391673-1208432722-1479867580-1000_Classes\AppXreyvazcs64j2pgtpwyt49g6ce85mwrwg\Shell\open\command\DelegateExecute,
   
6. [value]:{4ED3A719-CEA8-4BD9-910D-E252F997AFC2}
   
7. [2023-12-05 14:20:08.539][Info]        [6728] [HIPS PERF ANALYSE]: [TIME CONSUME]:3(ms), [BYTE SIZE]:513

复制代码

仰望星空--风影

乾坤右键miss

hhhq316

蜘蛛 EMSI扫描Miss

Eset小粉絲

New malicious software was found in the attached file.
Trojan.Win64.Loader
Its detection will be included in the next update.
Thank you for your help.

Best regards, Alexey Safonov, Malware Analyst, Kaspersky Lab

卡巴已杀

LeeHS

kuroandsan 发表于 2023-12-5 12:29
看看programdata下有没有随机名文件夹

可能miss了,但删除之后再次运行就没有生成，不确定

Hibike