龟包 240311 16X

显示全部楼层 · 发表于 2024-3-12 00:12:58

下载：
https://malware.camp/Turtle/TurtleSUSP-240311.zip
分流：
https://mirrors-s1.malware.camp/Turtle/TurtleSUSP-240311.zip
https://mirrors-s2.malware.camp/Turtle/TurtleSUSP-240311.zip
https://mirrors-s3.malware.camp/Turtle/TurtleSUSP-240311.zip
龟包列表：
https://malware.camp/Turtle/

SentinelOne:

扫描13X（12X机学+1X云）双击主防2X Miss12号
EDR捉到高危行为但是我没有开启STAR自动响应所以EPP层面算Miss
合计15/16

显示全部楼层 · 发表于 2024-3-12 00:13:32

本帖最后由 t0kenzero 于 2024-3-12 00:26 编辑

Cylance Kill All

DI

显示全部楼层 · 发表于 2024-3-12 00:17:46

PYAS

显示全部楼层 · 发表于 2024-3-12 00:22:43

火绒（未开高启发
扫描：9x

扫描文件：16
发现风险：9
已处理风险：9
病毒详情：
风险路径：C:\Users\Serendipity\Desktop\TS-240311-09-Stealc-4912d9.exe, 病毒名：VirTool/Obfuscator.fq, 病毒ID：87f0b01289503335, 处理结果：已处理，删除文件
风险路径：C:\Users\Serendipity\Desktop\TS-240311-10-Remcos-7ec732.exe, 病毒名：HEUR:VirTool/MSIL.Obfuscator.gen!A, 病毒ID：3fda44dcb57a42be, 处理结果：已处理，删除文件
风险路径：C:\Users\Serendipity\Desktop\TS-240311-11-Umbral-011cba.exe, 病毒名：TrojanSpy/MSIL.Discord.n, 病毒ID：5c022167a68756d0, 处理结果：已处理，删除文件
风险路径：C:\Users\Serendipity\Desktop\TS-240311-14-AgentTesla-a918d2.exe, 病毒名：VirTool/MSIL.Obfuscator.wo, 病毒ID：47f12121a99d0b14, 处理结果：已处理，删除文件
风险路径：C:\Users\Serendipity\Desktop\TS-240311-16-Gh0stRAT-daa986.exe, 病毒名：Backdoor/Farfli.hc, 病毒ID：dcf0cef112e8e25e, 处理结果：已处理，删除文件
风险路径：C:\Users\Serendipity\Desktop\TS-240311-02-AutoItAT-c8edb0.exe, 病毒名：HVM:VirTool/Obfuscator.gen!A, 病毒ID：b27d4294cde6a1ec, 处理结果：已处理，删除文件
风险路径：C:\Users\Serendipity\Desktop\TS-240311-04-FormBook-dead1d.exe, 病毒名：HEUR:Worm/Agent.d, 病毒ID：2ce5bfc31c7a2172, 处理结果：已处理，删除文件
风险路径：C:\Users\Serendipity\Desktop\TS-240311-05-RisePro-d7cd4c.exe, 病毒名：HEUR:TrojanDownloader/Agent.bf, 病毒ID：7bec03d7fe2662cb, 处理结果：已处理，删除文件
风险路径：C:\Users\Serendipity\Desktop\TS-240311-06-Lumma-f22738.exe, 病毒名：Trojan/MSIL.Agent.gq, 病毒ID：480de0f93d03ca55, 处理结果：已处理，删除文件

复制代码

剩下运行：

防护项目：隐藏执行PowerShell
执行文件：C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
执行命令行："powershell.exe" -windowstyle hidden "$Allocaffeine=Get-Content 'C:\Users\SEREND~1\AppData\Local\Temp\Motortrucks206\Kronebelbenes214\hjertebaands\Trommeslageres\Andenbehandler201\Gnaverne\Vitiligos28.tyg';$Subdivisional=$Allocaffeine.SubString(10827,3);.$Subdivisional($Allocaffeine)"
操作结果：已阻止
进程ID：11976
操作进程：C:\Users\Serendipity\Desktop\TS-240311-12-Quasar-1805e4.exe
病毒名称：ADV:Trojan/GenInjector.A!1.11
病毒路径：C:\Users\Serendipity\Desktop\TS-240311-13-Quasar-4a0603.exe
操作结果：已处理
防护项目：可疑位置启动
可疑文件：C:\Users\Serendipity\AppData\Local\Temp\25602\Enters.pif
执行命令行：25602\Enters.pif 25602\r
操作结果：已阻止
进程ID：4532
操作进程：C:\Windows\SysWOW64\cmd.exe
操作进程命令行："C:\Windows\System32\cmd.exe" /k move Bathrooms Bathrooms.bat & Bathrooms.bat & exit
父进程ID：10460
父进程：C:\Users\Serendipity\Desktop\TS-240311-01-Poverty-88650e.exe

复制代码

显示全部楼层 · 发表于 2024-3-12 00:23:03

EIS监控kill 15x，剩下1x KFA补漏

显示全部楼层 · 发表于 2024-3-12 00:23:15

Kaspersky Premium + ESSP 清空

Event: Malicious object detected
User: LAPTOP\Fadouse
User type: Initiator
Application name: explorer.exe
Application path: C:\Windows
Component: File Anti-Virus
Result description: Detected
Type: Trojan
Name: UDS:Trojan-PSW.Win32.RisePro
Precision: Exactly
Threat level: High
Object type: File
Object name: TS-240311-05-RisePro-d7cd4c.exe
Object path: E:\Code\Virus
MD5 of an object: 6C445FD49061F4C9849FA6FECB3ECEA8
Reason: Cloud Protection
Event: Malicious object detected
User: LAPTOP\Fadouse
User type: Initiator
Application name: explorer.exe
Application path: C:\Windows
Component: File Anti-Virus
Result description: Detected
Type: Trojan
Name: UDS:Trojan.MSIL.Injuke.gen
Precision: Exactly
Threat level: High
Object type: File
Object name: TS-240311-06-Lumma-f22738.exe
Object path: E:\Code\Virus
MD5 of an object: 581B161B433F01B57303389117B0D0B3
Reason: Cloud Protection

复制代码

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
3/12/2024 12:22:27 AM;Real-time file system protection;file;E:\Code\Virus\TS-240311-01-Poverty-88650e.exe;NSIS/Injector.CJY trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;88650E99AE745097810F096035A3272455E0B708;3/11/2024 10:41:54 PM
3/12/2024 12:22:29 AM;Real-time file system protection;file;E:\Code\Virus\TS-240311-05-RisePro-d7cd4c.exe;a variant of Win32/Packed.VMProtect.AKX trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;D7CD4C01CD9AFC838A1E657925153BF219EEE41D;3/11/2024 10:55:39 PM
3/12/2024 12:22:29 AM;Real-time file system protection;file;E:\Code\Virus\TS-240311-07-FormBookDLDR-816263.exe;MSIL/TrojanDownloader.Agent.QLP trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;8162633DAE92F9A5415AE5BDF02FC4A84612AEAE;3/11/2024 10:57:52 PM
3/12/2024 12:22:34 AM;Real-time file system protection;file;E:\Code\Virus\TS-240311-03-AutoItAT-fd043c.exe;MSIL/Spy.AgentTesla.I trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;FD043CB3A1A4CFF21A3ADE38FEDBB0C39EBE95F6;3/11/2024 11:24:06 PM
3/12/2024 12:22:36 AM;Real-time file system protection;file;E:\Code\Virus\TS-240311-14-AgentTesla-a918d2.exe;MSIL/Spy.AgentTesla.I trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;A918D297935690B893E8D3F46FF40923E156B519;3/11/2024 10:53:00 PM
3/12/2024 12:22:36 AM;Real-time file system protection;file;E:\Code\Virus\TS-240311-12-Quasar-1805e4.exe;a variant of Generik.KJUMLGK trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;1805E4035267B640510A759AD6FDC2CDB41D4DC6;3/11/2024 11:13:15 PM
3/12/2024 12:22:37 AM;Real-time file system protection;file;E:\Code\Virus\TS-240311-13-Quasar-4a0603.exe;a variant of MSIL/Kryptik.AHUA trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;4A0603A98DD87EA78ACB3B90613F1B9CC7C5E7F3;3/11/2024 11:16:23 PM
3/12/2024 12:22:37 AM;Real-time file system protection;file;E:\Code\Virus\TS-240311-11-Umbral-011cba.exe;a variant of MSIL/PSW.Agent.SZC trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;011CBAFFB9A292B13BE1FCFCAC3E8AEA5A680005;3/11/2024 11:08:59 PM
3/12/2024 12:22:38 AM;Real-time file system protection;file;E:\Code\Virus\TS-240311-09-Stealc-4912d9.exe;a variant of Win32/Kryptik.HWOG trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;4912D98EDF4676E1057E264C0D11144C02CBAFE7;3/11/2024 11:01:56 PM
3/12/2024 12:22:40 AM;Real-time file system protection;file;E:\Code\Virus\TS-240311-10-Remcos-7ec732.exe;a variant of MSIL/Kryptik.ALDB trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;7EC7320E70EE1033E1BAB987DC46138F25DBCE6D;3/11/2024 11:04:38 PM
3/12/2024 12:22:40 AM;Real-time file system protection;file;E:\Code\Virus\TS-240311-08-Redline-1fd0ca.exe;a variant of Win32/GenKryptik.GUTJ trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;1FD0CA7ED65D7709AF93FD8E52044E480BCF42BA;3/11/2024 11:00:28 PM
3/12/2024 12:22:43 AM;Real-time file system protection;file;E:\Code\Virus\TS-240311-16-Gh0stRAT-daa986.exe;Win32/Farfli.CNM.Gen trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;DAA98671FA8DE4384CC253ADC3154319D06E8BFC;
3/12/2024 12:22:45 AM;Real-time file system protection;file;E:\Code\Virus\TS-240311-02-AutoItAT-c8edb0.exe;a variant of Generik.NHFCLUV trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;C8EDB0590EF6400647EE313083205C0C7304D81B;3/11/2024 10:49:46 PM
3/12/2024 12:22:47 AM;Real-time file system protection;file;E:\Code\Virus\TS-240311-15-AutoItFB-6c0c52.exe;a variant of Win32/Injector.Autoit.FVM trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;6C0C525E928E2FB3B98603F8D34AFD7C298069BF;
3/12/2024 12:22:50 AM;Real-time file system protection;file;E:\Code\Virus\TS-240311-04-FormBook-dead1d.exe;a variant of Generik.KDOINK trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;DEAD1D6C41E9517129CB95FA08B22BBB618BE3A0;3/11/2024 10:54:16 PM

复制代码

显示全部楼层 · 发表于 2024-3-12 00:40:55

江民12x：

显示全部楼层 · 发表于 2024-3-12 00:49:54

单卡巴清空

显示全部楼层 · 发表于 2024-3-12 01:51:05

FSP清空

显示全部楼层 · 发表于 2024-3-12 02:16:37

华为剩余4双击无反应

[病毒样本] 龟包 240311 16X

本帖子中包含更多资源

评分

本帖子中包含更多资源

评分

本帖子中包含更多资源

评分

评分

本帖子中包含更多资源

本帖子中包含更多资源