16x (2024-01-10)

显示全部楼层 · 发表于 2024-1-10 09:59:22

https://wormhole.app/jXP1B#QIQgRtuWMAHQqpxEXVJLBw

显示全部楼层 · 发表于 2024-1-10 10:03:53

本帖最后由 DisaPDB 于 2024-1-10 10:07 编辑

360 扫描12x

Loader：

显示全部楼层 · 发表于 2024-1-10 10:07:23

火绒
扫描：5X

扫描文件：20
发现风险：5
已处理风险：0
病毒详情：
风险路径：C:\Users\UnknownOoo\Downloads\Compressed\240110\02-#Lumma.exe, 病毒名：TrojanSpy/Stealer.ho, 病毒ID：82df060fc4710d22, 处理结果：暂不处理
风险路径：C:\Users\UnknownOoo\Downloads\Compressed\240110\ugopoundzx.exe, 病毒名：TrojanSpy/MSIL.AgentTesla.mq, 病毒ID：41467760e1a2a3a2, 处理结果：暂不处理
风险路径：C:\Users\UnknownOoo\Downloads\Compressed\240110\InstallSetup.exe >> [NSIS].nsi, 病毒名：TrojanDownloader/Agent.awf, 病毒ID：281b966198e1241e, 处理结果：暂不处理
风险路径：C:\Users\UnknownOoo\Downloads\Compressed\240110\03-#Guildma.exe, 病毒名：Trojan/Generic!52230CB60C5290DD, 病毒ID：52230cb60c5290dd, 处理结果：暂不处理
风险路径：C:\Users\UnknownOoo\Downloads\Compressed\240110\main.exe, 病毒名：TrojanSpy/Python.Stealer.f, 病毒ID：714b9da4a5f68218, 处理结果：暂不处理

复制代码

X-Sec
扫描：12X

---------------------
2024/01/10 10:06:32 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\240110\02-#Lumma.exe -- [rame-tfe] Trojan.Kryptik!8.8
2024/01/10 10:06:32 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\240110\01-#Lumma.exe -- [rame-rdm.msil2] Malware.Obfus/MSIL@AI.90
2024/01/10 10:06:34 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\240110\27ef6917fe32685fdf9b755eb8e97565.exe -- [rame-cloud] Stealer.BroPass!8.13424
2024/01/10 10:06:33 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\240110\03-#Guildma.exe -- [xave-cloud] Malware.QRSGeneric.5
2024/01/10 10:06:34 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\240110\Conted.ps1 -- [rame-topis] Dropper.Agent/PS!8.111A0
2024/01/10 10:06:34 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\240110\456.exe -- [rame-tfe] Trojan.Injector!8.C4
2024/01/10 10:06:35 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\240110\Gang.exe -- [rame-cloud] Stealer.Agent!8.C2
2024/01/10 10:06:35 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\240110\Import_Payment.vbs -- [xave-cloud] Downloader.Generic
2024/01/10 10:06:36 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\240110\InstallSetup.exe -- [rame-cloud] Stealer.Stealerc!8.17BE0
2024/01/10 10:06:37 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\240110\main.exe -- [rame-classic] Stealer.Empyrean/PYC!1.EACF
2024/01/10 10:06:38 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\240110\NXTPKIENT.exe -- [rame-cloud] Stealer.BroPass!8.13424
2024/01/10 10:06:38 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\240110\ugopoundzx.exe -- [rame-rdm.msil2] Malware.Obfus/MSIL@AI.90

复制代码

显示全部楼层 · 发表于 2024-1-10 10:10:18

卡巴斯基

显示全部楼层 · 发表于 2024-1-10 10:15:11

本帖最后由祸兮福所倚于 2024-1-10 10:19 编辑

小Akill13/16|丢失2X|剩余1个双击拦截无法运行

显示全部楼层 · 发表于 2024-1-10 10:34:56

本帖最后由莒县小哥于 2024-1-10 10:36 编辑

显示全部楼层 · 发表于 2024-1-10 12:39:10

本帖最后由 LSPLDD 于 2024-1-10 13:28 编辑

BD
静态:
01-#Lumma.exe
02-#Lumma.exe
03-#Guildma.exe
456.exe
Gang.exe
Import_Payment.vbs
InstallSetup.exe
main.exe
ugopoundzx.exe
27ef6917fe32685fdf9b755eb8e97565.exe
双击\运行:
Spooler05.exe
invoice#5487214847577.wsf (外链)
240110\NXTPKIENT.exe (衍生)
剩余:
Loader
Conted.ps1
getamIWillSmith.ps1

Elastic
静态:
01-#Lumma.exe
02-#Lumma.exe
03-#Guildma.exe
456.exe
ugopoundzx.exe
Gang.exe
双击\运行:
Conted.ps1
getamIWillSmith.ps1
main.exe
Loader
27ef6917fe32685fdf9b755eb8e97565.exe (衍生)
InstallSetup.exe (衍生)
NXTPKIENTS.exe (衍生)
剩余:
Import_Payment.vbs
invoice#5487214847577.wsf
Spooler05.exe

显示全部楼层 · 发表于 2024-1-10 13:00:58

eset剩余

显示全部楼层 · 发表于 2024-1-10 14:08:28

本帖最后由 Baby小尧于 2024-1-10 14:24 编辑

ESET 扫描剩余3x live guard删除 ps1样本 loader文件夹内的UniversalInstaller双击拦截外联总计kill15x

时间;扫描程序;对象类型;对象;检测;操作;用户;信息;哈希;此处首次所见
2024/1/10 14:05:01;ESET LiveGuard;文件;C:\Users\1\Desktop\240110\240110\Conted.ps1;ESET LiveGuard 特洛伊木马;已删除;;;27DF257295C31F7278BB91B6742FE240490545E8;2024/1/10 14:01:18

时间;URL;状态;检测;应用程序;用户;IP 地址;哈希
2024/1/10 14:22:28;http://185.172.128.32/ma.exe;已阻止;内部 IP 黑名单;C:\Users\1\AppData\Local\Temp\RarExt32.exe;DESKTOP-V7UPBEB\1;185.172.128.32;FD891E25413B31D58E0B96288704606F535183E1

显示全部楼层 · 发表于 2024-1-10 18:20:37

DisaPDB 发表于 2024-1-10 10:03
360 扫描12x

共计16X

360 Total Security扫描日志
扫描时间：2024-01-10 18:19:36
扫描用时：00:00:05
扫描项目总数：20
威胁总数：14
处理威胁数：14
扫描选项
----------------------
扫描压缩包：否
常规引擎设置：鲲鹏引擎
扫描内容
----------------------
C:\Users\Administrator\Desktop\240110\
扫描结果
======================
高风险项目
----------------------
C:\Users\Administrator\Desktop\240110\02-#Lumma.exe A8DACE7C846F4EF07BB755707A0DD1B0 E5660AB0F3CBE65474D8859ED28A4E89547FF3CC 70,3,2,4,280,1,256, || 0_0_1 [360云查杀引擎][Win32/TrojanDownloader.Zloader.HxQBjBUB][隔离文件][已处理]
C:\Users\Administrator\Desktop\240110\01-#Lumma.exe D6827143DEA10743FBE533E6430574E8 6D4061A6189F9FCE2594963D96CBD0D28F71F210 70,3,2,4,280,1,256, || 0_0_1 [360云查杀引擎][Win32/TrojanDropper.Generic.HgIATRAA][隔离文件][已处理]
C:\Users\Administrator\Desktop\240110\03-#Guildma.exe 2234F1CA1D4B32C4F525D76500786B8E 08D577ED3945B3772346934052CF95AF35B3FC99 70,3,2,4,280,1,256, || 0_0_1 [360云查杀引擎][Win32/Trojan.Generic.HxQBd1wA][隔离文件][已处理]
C:\Users\Administrator\Desktop\240110\27ef6917fe32685fdf9b755eb8e97565.exe 27EF6917FE32685FDF9B755EB8E97565 6D531B021B20FEBF1DAFA730582944EB82D9C6F3 70,3,2,4,280,1,256, || 0_0_1 [360云查杀引擎][Win64/TrojanPSW.Generic.HgEATREA][隔离文件][已处理]
C:\Users\Administrator\Desktop\240110\456.exe F181B08D7D06F955A53A2593B3596991 C2AF74C384C68491121799A8D89B5CD4322C41B2 70,3,2,4,280,1,256, || 0_0_1 [360云查杀引擎][Win64/Trojan.Inject.HgEATRMA][隔离文件][已处理]
C:\Users\Administrator\Desktop\240110\Gang.exe D4AA07253504503ADBE12331EE6149B6 0CC08CE3B73D40946C1B6FBC89000E927269EE97 70,3,2,4,280,1,256, || 0_0_1 [360云查杀引擎][Win32/TrojanSpy.Generic.HgIATRIA][隔离文件][已处理]
C:\Users\Administrator\Desktop\240110\main.exe 6BE0BE00267BDEAA24F14BAC12C841D9 1A537A7616A43842EB94D4794C34CF80E32D1DA2 70,3,2,4,280,1,256, || 0_0_1 [360云查杀引擎][Win64/TrojanPSW.Generic.HgEATRMA][隔离文件][已处理]
C:\Users\Administrator\Desktop\240110\NXTPKIENT.exe 7B6D02A459FDAA4CAA1A5BF741C4BD42 4EEA45C22881A092AC7A8B0A5379076D5803E83E 70,3,2,4,280,1,256, || 0_0_1 [360云查杀引擎][Win64/TrojanPSW.Generic.HgEATRIA][隔离文件][已处理]
C:\Users\Administrator\Desktop\240110\InstallSetup.exe AABD69BA023D8A43654A3D93013F4006 4E7D22E88BA6DC2FFC65C1D6D06F9E750D81960C 70,3,2,4,280,1,256, || 0_0_1 [360云查杀引擎][Win32/TrojanPSW.Generic.HoMATRIA][隔离文件][已处理]
C:\Users\Administrator\Desktop\240110\ugopoundzx.exe 85D09F80E9DE86342D531D2CB37F1B61 606E085FAEA3E7A31FC7B2A5BD4FBC0FB47A5356 70,3,2,4,280,1,256, || 0_0_1 [360云查杀引擎][Win32/Heur.Generic.HwMAjU4A][隔离文件][已处理]
C:\Users\Administrator\Desktop\240110\Spooler05.exe 104B8BFC2C3842A04C6A501E88603724 11E31B685241756580F87D143466DAB104E6B36B 70,3,2,4,280,1,256, || 0_0_1 [360云查杀引擎][Win32/Heur.Generic.HxQBi6AA][隔离文件][已处理]
C:\Users\Administrator\Desktop\240110\Conted.ps1 089315EBEAC43E1A45DA3014F56C5006 27DF257295C31F7278BB91B6742FE240490545E8 70,3,2,4,280,1,256, || 0_0_0 [360云查杀引擎][Generic/Trojan.Generic.HskATRQA][隔离文件][已处理]
C:\Users\Administrator\Desktop\240110\Import_Payment.vbs 03C2247A87E2E6AFA3759D6D16359478 D0D2129FDCC0F392AC38770FB3663BC80BEF98BF 70,6,2,4,280,1,256, || 0_0_0 [QEX脚本查杀引擎][virus.vbs.qexvmc.1][隔离文件][已处理]
C:\Users\Administrator\Desktop\240110\invoice#5487214847577.wsf 918E30FC0444C809EDC8BC13919E085A 5687DA43B40B70FDDCFE5E04C077F146FAA034FF 70,3,2,4,280,1,256, || 0_0_0 [360云查杀引擎][Generic/Trojan.Generic.HskATRQA][隔离文件][已处理]

复制代码

[病毒样本] 16x (2024-01-10)

本帖子中包含更多资源

评分

本帖子中包含更多资源

评分

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源