龟包 240107 30X

神龟Turmi

https://turtlesusp.run/samples/f ... rtleSUSP-240107.zip

WithSecure：




扫描27X（有一个样本报了两次）双击2X EDR危急风险1X（不计入） 合计29/30

心醉咖啡

360

Baby小尧

ESET解压kill 28x 05号样本杀黑dll，08、13两个样本双击miss

牛逼啊

360

mmmaoo

江民 26x：

神龟Turmi

Baby小尧 发表于 2024-1-7 13:06
ESET解压kill 27x 05号样本双击未检查到进程，08、13两个样本双击miss

05注意dllhost
这是iobit白加黑 exe是白的 dll是黑的

hansyu

Baby小尧 发表于 2024-1-7 13:06
ESET解压kill 27x 05号样本双击未检查到进程，08、13两个样本双击miss

05的dll已经被云杀，所以你应该无法正常运行。

UNknownOoo

火绒
扫描：25X

1. 扫描文件：42
   
2. 发现风险：25
   
3. 已处理风险：0
   
4. 病毒详情：
   
5. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-03-NJRat-ce0020.exe, 病毒名：Backdoor/Bladabindi.e, 病毒ID：b9ee43a9c2556cba, 处理结果：暂不处理
   
6. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-04-NJRat-d96e8f.exe, 病毒名：Backdoor/Bladabindi.e, 病毒ID：b9ee43a9c2556cba, 处理结果：暂不处理
   
7. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-06-Redline-8bbef9.exe, 病毒名：TrojanSpy/MSIL.PwStealer.k, 病毒ID：e3eed2b52ebfe1b7, 处理结果：暂不处理
   
8. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-07-Purelogs-ac5e54.exe, 病毒名：Backdoor/Meterpreter.ak, 病毒ID：a00d08efda1aa78c, 处理结果：暂不处理
   
9. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-10-StormKitty-db61c7.exe, 病毒名：Trojan/MSIL.Starter.j, 病毒ID：b9b0ad59cd619efb, 处理结果：暂不处理
   
10. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-11-StormKitty-a48ab6.exe, 病毒名：TrojanDropper/MSIL.Agent.v, 病毒ID：df4c8a1395d1edcc, 处理结果：暂不处理
    
11. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-12-Miner-e776ac.exe, 病毒名：Trojan/W64.CoinMiner.by, 病毒ID：3fcb78e528f39e74, 处理结果：暂不处理
    
12. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-15-CobaltStrike-1bddd4.exe, 病毒名：Backdoor/CobaltStrike.d, 病毒ID：9c6caf6b7979d2d0, 处理结果：暂不处理
    
13. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-14-CobaltStrike-816da6.exe, 病毒名：Backdoor/CobaltStrike.d, 病毒ID：9c6caf6b7979d2d0, 处理结果：暂不处理
    
14. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-18-Expiro-8688c0.exe, 病毒名：Virus/W64.Expiro.p@U, 病毒ID：dd2e5bcd0c933847, 处理结果：暂不处理
    
15. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-17-Expiro-3d5d51.exe, 病毒名：Virus/W64.Expiro.p@U, 病毒ID：dd2e5bcd0c933847, 处理结果：暂不处理
    
16. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-19-Expiro-3cba45.exe, 病毒名：Virus/W64.Expiro.p@U, 病毒ID：dd2e5bcd0c933847, 处理结果：暂不处理
    
17. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-20-Expiro-8fe8ce.exe, 病毒名：Virus/W64.Expiro.p@U, 病毒ID：dd2e5bcd0c933847, 处理结果：暂不处理
    
18. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-21-Expiro-6afa85.exe, 病毒名：Virus/W64.Expiro.p@U, 病毒ID：dd2e5bcd0c933847, 处理结果：暂不处理
    
19. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-24-Antavmu-daa40a.exe, 病毒名：Trojan/Antavmu, 病毒ID：4f3ee42ab5db0523, 处理结果：暂不处理
    
20. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-09-NJRat-85f1b4.exe >> testing.exe, 病毒名：Trojan/Agent.xn, 病毒ID：f637ef7c7c8ee392, 处理结果：暂不处理
    
21. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-25-Antavmu-559e70.exe, 病毒名：Trojan/Antavmu, 病毒ID：4f3ee42ab5db0523, 处理结果：暂不处理
    
22. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-22-Expiro-6248c7.exe, 病毒名：Virus/W64.Expiro.p@U, 病毒ID：dd2e5bcd0c933847, 处理结果：暂不处理
    
23. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-23-Miner-6c975d.exe, 病毒名：Trojan/W64.CoinMiner.by, 病毒ID：3fcb78e528f39e74, 处理结果：暂不处理
    
24. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-29-Berbew-cda438.exe, 病毒名：Worm/Mimail.a, 病毒ID：4e96b616a2af8041, 处理结果：暂不处理
    
25. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-26-Expiro-fd7a6c.exe, 病毒名：Virus/W64.Expiro.p@U, 病毒ID：dd2e5bcd0c933847, 处理结果：暂不处理
    
26. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-28-Facido-e38b98.exe, 病毒名：TrojanDropper/Agent.ei, 病毒ID：79730ce8a0c94242, 处理结果：暂不处理
    
27. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-01-Rootkit-ac7b1b.sys, 病毒名：Rootkit/StartPage.bd, 病毒ID：d2045ecfe32bf7a4, 处理结果：暂不处理
    
28. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-02-Rootkit-ef0b03.sys, 病毒名：Rootkit/StartPage.bd, 病毒ID：d2045ecfe32bf7a4, 处理结果：暂不处理
    
29. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-27-Sfone-caefeb.exe, 病毒名：HVM:Trojan/MalBehav.gen!A, 病毒ID：90261321ca2450f9, 处理结果：暂不处理

复制代码

X-Sec
扫描：25X

1. ---------------------
   
2. 2024/01/07 13:13:48 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-02-Rootkit-ef0b03.sys -- [xave-cloud] PUA.Generic
   
3. 2024/01/07 13:13:48 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-01-Rootkit-ac7b1b.sys -- [xave-cloud] PUA.Generic
   
4. 2024/01/07 13:13:49 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-03-NJRat-ce0020.exe -- [rame-classic] Backdoor.njRAT!1.9E49
   
5. 2024/01/07 13:13:49 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-04-NJRat-d96e8f.exe -- [rame-classic] Backdoor.njRAT!1.9E49
   
6. 2024/01/07 13:13:50 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-06-Redline-8bbef9.exe -- [xave-heur] Heur:Stealer.Generic
   
7. 2024/01/07 13:13:50 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-07-Purelogs-ac5e54.exe -- [rame-cloud] Backdoor.Androm!8.113
   
8. 2024/01/07 13:13:51 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-09-NJRat-85f1b4.exe -- [rame-classic] Backdoor.njRAT!1.9E49
   
9. 2024/01/07 13:13:52 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-10-StormKitty-db61c7.exe -- [rame-cloud] Trojan.Starter/MSIL!1.B6BA
   
10. 2024/01/07 13:13:53 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-11-StormKitty-a48ab6.exe -- [rame-rdm.msil2] Malware.Obfus/MSIL@AI.100
    
11. 2024/01/07 13:13:54 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-12-Miner-e776ac.exe -- [rame-tfe] Trojan.Agent!8.B1E
    
12. 2024/01/07 13:13:54 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-13-Unknown-0e2013.exe -- [rame-classic] Downloader.Agent/BAT!1.DEF0
    
13. 2024/01/07 13:13:55 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-14-CobaltStrike-816da6.exe -- [rame-classic] Backdoor.CobaltStrike/x64!1.E382
    
14. 2024/01/07 13:13:56 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-15-CobaltStrike-1bddd4.exe -- [rame-classic] Backdoor.CobaltStrike/x64!1.E382
    
15. 2024/01/07 13:13:57 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-16-Reverse-69c288.exe -- [rame-tfe] Trojan.ReverseShell!8.5EA1
    
16. 2024/01/07 13:13:58 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-18-Expiro-8688c0.exe -- [rame-classic] Virus.Expiro!1.A140
    
17. 2024/01/07 13:14:01 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-21-Expiro-6afa85.exe -- [rame-classic] Virus.Expiro!1.A140
    
18. 2024/01/07 13:14:02 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-22-Expiro-6248c7.exe -- [rame-classic] Virus.Expiro!1.A140
    
19. 2024/01/07 13:14:03 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-23-Miner-6c975d.exe -- [rame-tfe] Trojan.Agent!8.B1E
    
20. 2024/01/07 13:14:03 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-24-Antavmu-daa40a.exe -- [rame-cloud] Trojan.Win32.Antavmu.d
    
21. 2024/01/07 13:14:04 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-25-Antavmu-559e70.exe -- [rame-cloud] Trojan.Win32.Antavmu.d
    
22. 2024/01/07 13:14:06 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-27-Sfone-caefeb.exe -- [rame-classic] Worm.Agent!1.CEBD
    
23. 2024/01/07 13:14:07 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-28-Facido-e38b98.exe -- [rame-classic] Dropper.Agent!1.B38C
    
24. 2024/01/07 13:14:08 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-29-Berbew-cda438.exe -- [rame-classic] Backdoor.Berbew!1.AE0A
    
25. 2024/01/07 13:14:09 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-30-Revenge-50a7ca.exe -- [rame-rdm.msil2] Malware.Obfus/MSIL@AI.88
    
26. 2024/01/07 13:14:12 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TurtleSUSP-240107\TurtleSUSP-240107-05-Hijack\Register.dll -- [rame-cloud] Trojan.Penguish!8.18A49

复制代码

18qaz

SEP 去重后29个

Miostartos

难得见到FS自家引擎发威超过1/3的