龟包 240316 12X

显示全部楼层 · 发表于 2024-3-16 20:58:36

今天几个样本来源都找遍了，还用掉了几十次VT API搜索次数，一个AgentTesla都没找到。。。

下载：
https://malware.camp/Turtle/TurtleSUSP-240316.zip
分流：
https://mirrors-s1.malware.camp/Turtle/TurtleSUSP-240316.zip
https://mirrors-s2.malware.camp/Turtle/TurtleSUSP-240316.zip
https://mirrors-s3.malware.camp/Turtle/TurtleSUSP-240316.zip
龟包列表：
https://malware.camp/Turtle/

显示全部楼层 · 发表于 2024-3-16 21:00:37

本帖最后由 GreatMOLA 于 2024-3-16 21:05 编辑

Malwarebytes 11x

Trojan.Agent.MSIL.Generic, C:\USERS\WANGL\DOWNLOADS\TURTLESUSP-240316\TS-240316-06-LUMMA-4E8387.EXE
Generic.Malware/Suspicious, C:\USERS\WANGL\DOWNLOADS\TURTLESUSP-240316\TS-240316-08-GH0STRAT-A46FC1.EXE
Generic.Malware/Suspicious, C:\USERS\WANGL\DOWNLOADS\TURTLESUSP-240316\TS-240316-09-GH0STRAT-3848F0.EXE,
Trojan.Agent.MSIL.Generic, C:\USERS\WANGL\DOWNLOADS\TURTLESUSP-240316\TS-240316-01-RISEPRO-9D2AC8.EXE
Backdoor.XenoRAT, C:\USERS\WANGL\DOWNLOADS\TURTLESUSP-240316\TS-240316-07-XENO-3A441C.EXE
Spyware.CrealStealer.Python.Generic, C:\USERS\WANGL\DOWNLOADS\TURTLESUSP-240316\TS-240316-02-CREAL-F3EB00.EXE
Trojan.MalPack, C:\USERS\WANGL\DOWNLOADS\TURTLESUSP-240316\TS-240316-04-LUMMA-E670EA.EXE
Trojan.Dropper.MSIL.Generic, C:\USERS\WANGL\DOWNLOADS\TURTLESUSP-240316\TS-240316-10-GH0STRAT-EC8E89.EXE
Generic.Malware.AI.DDS, C:\USERS\WANGL\DOWNLOADS\TURTLESUSP-240316\TS-240316-03-BLANKGRABBER-5E25AE.EXE
Malware.AI.310344896, C:\USERS\WANGL\DOWNLOADS\TURTLESUSP-240316\TS-240316-05-LUMMA-302BB3.EXE
Malware.Sandbox.48, C:\USERS\WANGL\DOWNLOADS\TURTLESUSP-240316\TS-240316-11-GH0STRAT-A21580.EXE

复制代码

Bitdefender exec+scan 12x

显示全部楼层 · 发表于 2024-3-16 21:00:55

本帖最后由 UNknownOoo 于 2024-3-16 21:02 编辑

火绒（没开高级启发
扫描：9x

扫描文件：12
发现风险：9
已处理风险：0
病毒详情：
风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TS-240316-01-RisePro-9d2ac8.exe, 病毒名：Trojan/MSIL.Agent.gq, 病毒ID：480de0f93d03ca55, 处理结果：暂不处理
风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TS-240316-04-Lumma-e670ea.exe, 病毒名：Trojan/Injector.bfs, 病毒ID：3f6df37acd8bc223, 处理结果：暂不处理
风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TS-240316-11-Gh0stRAT-a21580.exe, 病毒名：Backdoor/Lotok.w, 病毒ID：d4e76df9065a4b6e, 处理结果：暂不处理
风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TS-240316-06-Lumma-4e8387.exe, 病毒名：Trojan/MSIL.Agent.gq, 病毒ID：480de0f93d03ca55, 处理结果：暂不处理
风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TS-240316-09-Gh0stRAT-3848f0.exe, 病毒名：Backdoor/Meterpreter.ak, 病毒ID：a00d08efda1aa78c, 处理结果：暂不处理
风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TS-240316-07-Xeno-3a441c.exe, 病毒名：Trojan/MSIL.Agent.dj, 病毒ID：c5c57cb4688e2ddd, 处理结果：暂不处理
风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TS-240316-10-Gh0stRAT-ec8e89.exe, 病毒名：Backdoor/Meterpreter.ak, 病毒ID：a00d08efda1aa78c, 处理结果：暂不处理
风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TS-240316-08-Gh0stRAT-a46fc1.exe, 病毒名：Backdoor/Meterpreter.ak, 病毒ID：a00d08efda1aa78c, 处理结果：暂不处理
风险路径：C:\Users\UnknownOoo\Downloads\Compressed\TS-240316-02-Creal-f3eb00.exe, 病毒名：Ransom/LockFile.fl, 病毒ID：9b97d9df1e35b64c, 处理结果：暂不处理

复制代码

X-Sec
扫描：ALL

---------------------
2024/03/16 21:01:21 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TS-240316-01-RisePro-9d2ac8.exe -- [rame-cloud] Stealer.Agent!8.C2
2024/03/16 21:01:21 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TS-240316-02-Creal-f3eb00.exe -- [rame-cloud] Spyware.Agent!8.C6
2024/03/16 21:01:22 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TS-240316-04-Lumma-e670ea.exe -- [rame-cloud] Trojan.Kryptik!8.8
2024/03/16 21:01:23 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TS-240316-05-Lumma-302bb3.exe -- [rame-cloud] Spyware.Zbot!8.16B
2024/03/16 21:01:24 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TS-240316-03-BlankGrabber-5e25ae.exe -- [rame-classic] Spyware.Agent/PYC!1.EA8F
2024/03/16 21:01:24 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TS-240316-06-Lumma-4e8387.exe -- [rame-cloud] Stealer.Agent!8.C2
2024/03/16 21:01:24 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TS-240316-08-Gh0stRAT-a46fc1.exe -- [rame-cloud] Trojan.Rozena!8.6D
2024/03/16 21:01:24 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TS-240316-07-Xeno-3a441c.exe -- [rame-classic] Backdoor.XenoRAT!1.F6EA
2024/03/16 21:01:25 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TS-240316-10-Gh0stRAT-ec8e89.exe -- [rame-tfe] Trojan.Rozena!8.6D
2024/03/16 21:01:25 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TS-240316-09-Gh0stRAT-3848f0.exe -- [rame-tfe] Trojan.Rozena!8.6D
2024/03/16 21:01:27 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TS-240316-11-Gh0stRAT-a21580.exe -- [rame-cloud] Trojan.Generic!8.C3
2024/03/16 21:01:27 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\TS-240316-12-UnknownStealer-0fccf0.exe -- [rame-cloud] Trojan.Tpyc!8.1874B

复制代码

显示全部楼层 · 发表于 2024-3-16 21:04:38

显示全部楼层 · 发表于 2024-3-16 21:06:16

不错，EIS解压11x，拉黑1x，总共清空

显示全部楼层 · 发表于 2024-3-16 21:08:26

Kaspersky Premium + ESET Smart Security Premium Kill All

显示全部楼层 · 发表于 2024-3-16 21:11:17

360

显示全部楼层 · 发表于 2024-3-16 21:14:14

卡巴斯基
Kaspersky Plus

Kill ALL

https://bbs.kafan.cn/forum.php?mod=attachment&aid=MzM4MjY4N3xkNWQ1ZmEwNTRjMGEzN2RlZGYzY2IyYTc1Y2M2MWIxM3wxNzE0MjU3MTM1&request=yes&_f=.jpeg

显示全部楼层 · 发表于 2024-3-16 21:14:23

河众断网11只
联网All

显示全部楼层 · 发表于 2024-3-16 21:28:17

BEST

[病毒样本] 龟包 240316 12X

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源