Views: 1197 | Replies: 23

[Virus Samples] Turtle pack 240318 22X

神龟Turmi
Posted on 2024-3-18 22:48:54
This post was last edited by 神龟Turmi on 2024-3-18 23:17

AgentTesla is back! Looks like they weren't dead after all, they just switched to a two-day weekend (
To "celebrate" AgentTesla's return I'm in a good mood, spent three hours sorting, so here's a bigger batch today

EDIT: No. 15 is a bat, sorry


Download:
https://malware.camp/Turtle/TurtleSUSP-240318.zip
Mirrors:
https://mirrors-s1.malware.camp/Turtle/TurtleSUSP-240318.zip
https://mirrors-s2.malware.camp/Turtle/TurtleSUSP-240318.zip
https://mirrors-s3.malware.camp/Turtle/TurtleSUSP-240318.zip
Turtle pack list:
https://malware.camp/Turtle/


Ratings: UNknownOoo +3 (popularity)

t0kenzero
Posted on 2024-3-18 22:49:13
This post was last edited by t0kenzero on 2024-3-18 23:05

cylance 21X
Miss TS-240318-15-MetaSploit-288b6e

DI 21X
Miss TS-240318-15-MetaSploit-288b6e



Ratings: 神龟Turmi +3 (popularity)

偶偶偶114514
Posted on 2024-3-18 22:52:53
This post was last edited by 偶偶偶114514 on 2024-3-18 23:06

DI cleared everything (1/1)
biue
Posted on 2024-3-18 22:54:59


Ratings: 神龟Turmi +2 (popularity)

UNknownOoo
Posted on 2024-3-18 22:55:42
Huorong (advanced heuristics not enabled)
Scan: 14x
扫描文件:22
发现风险:14
已处理风险:0
病毒详情:
风险路径:C:\Users\Serendipity\Desktop\TurtleSUSP-240318\TS-240318-16-MetaSploit-7b85b1.exe, 病毒名:Backdoor/W64.Meterpreter.b, 病毒ID:039db99588a1e0ee, 处理结果:暂不处理
风险路径:C:\Users\Serendipity\Desktop\TurtleSUSP-240318\TS-240318-04-AgentTesla-89d83b.exe, 病毒名:HEUR:VirTool/MSIL.Obfuscator.gen!A, 病毒ID:3fda44dcb57a42be, 处理结果:暂不处理
风险路径:C:\Users\Serendipity\Desktop\TurtleSUSP-240318\TS-240318-11-AgentTesla-67ea48.exe, 病毒名:HEUR:VirTool/MSIL.Obfuscator.gen!A, 病毒ID:3fda44dcb57a42be, 处理结果:暂不处理
风险路径:C:\Users\Serendipity\Desktop\TurtleSUSP-240318\TS-240318-10-AgentTesla-8dc051.exe, 病毒名:HEUR:VirTool/MSIL.Obfuscator.gen!A, 病毒ID:3fda44dcb57a42be, 处理结果:暂不处理
风险路径:C:\Users\Serendipity\Desktop\TurtleSUSP-240318\TS-240318-14-Lumma-d70c63.exe, 病毒名:Trojan/MSIL.Agent.gq, 病毒ID:480de0f93d03ca55, 处理结果:暂不处理
风险路径:C:\Users\Serendipity\Desktop\TurtleSUSP-240318\TS-240318-08-AgentTesla-1f2693.exe, 病毒名:HEUR:VirTool/MSIL.Obfuscator.gen!A, 病毒ID:3fda44dcb57a42be, 处理结果:暂不处理
风险路径:C:\Users\Serendipity\Desktop\TurtleSUSP-240318\TS-240318-12-Eternity-f3dffa.exe, 病毒名:TrojanSpy/MSIL.Agent.cb, 病毒ID:f17e40984c271564, 处理结果:暂不处理
风险路径:C:\Users\Serendipity\Desktop\TurtleSUSP-240318\TS-240318-09-AgentTesla-8db3b5.exe, 病毒名:HEUR:VirTool/MSIL.Obfuscator.gen!A, 病毒ID:3fda44dcb57a42be, 处理结果:暂不处理
风险路径:C:\Users\Serendipity\Desktop\TurtleSUSP-240318\TS-240318-18-Vidar-ef9f94.exe, 病毒名:Trojan/MSIL.Agent.gq, 病毒ID:480de0f93d03ca55, 处理结果:暂不处理
风险路径:C:\Users\Serendipity\Desktop\TurtleSUSP-240318\TS-240318-21-Redline-c8a026.exe, 病毒名:Trojan/MSIL.Agent.gq, 病毒ID:480de0f93d03ca55, 处理结果:暂不处理
风险路径:C:\Users\Serendipity\Desktop\TurtleSUSP-240318\TS-240318-22-UnknownRAT-ca0f5f.exe, 病毒名:HEUR:VirTool/MSIL.Obfuscator.gen!A, 病毒ID:3fda44dcb57a42be, 处理结果:暂不处理
风险路径:C:\Users\Serendipity\Desktop\TurtleSUSP-240318\TS-240318-19-ZGRAT-c9d54b.exe, 病毒名:HEUR:VirTool/MSIL.Obfuscator.gen!A, 病毒ID:3fda44dcb57a42be, 处理结果:暂不处理
风险路径:C:\Users\Serendipity\Desktop\TurtleSUSP-240318\TS-240318-13-Lumma-9d61cb.exe, 病毒名:VirTool/Obfuscator.fq, 病毒ID:87f0b01289503335, 处理结果:暂不处理
风险路径:C:\Users\Serendipity\Desktop\TurtleSUSP-240318\TS-240318-03-AgentTesla-db66c0.exe, 病毒名:HVM:VirTool/Obfuscator.gen!A, 病毒ID:b27d4294cde6a1ec, 处理结果:暂不处理

Ratings: 神龟Turmi +3 (popularity), reason: See, now that AgentTesla is back it's no longer ALL (

384也7492374
Posted on 2024-3-18 22:57:36
This post was last edited by 384也7492374 on 2024-3-18 23:01

S1: static 19x, behavioral 1x, STAR picked up TS-240318-07-AgentTesla-256f2b.exe; the remaining TS-240318-15-MetaSploit-288b6e could not run
A second later S1 killed it via cloud
秋日之殇
Posted on 2024-3-18 22:57:57
Kaspersky cleared everything
心醉咖啡
Posted on 2024-3-18 22:59:06
360
Fadouse
Posted on 2024-3-18 23:01:36
Kaspersky Premium ESSP Kill All
Event: Malicious object detected
User: LAPTOP\Fadouse
User type: Initiator
Application name: explorer.exe
Application path: C:\Windows
Component: File Anti-Virus
Result description: Detected
Type: Trojan
Name: HEUR:Trojan.Win32.Generic
Precision: Partially
Threat level: High
Object type: File
Object name: TS-240318-16-MetaSploit-7b85b1.exe
Object path: E:\Code\Virus
MD5 of an object: 79BE6407EFCD8384488E10B3E4D57D28
Reason: Expert analysis
Databases release date: Today, 3/18/2024 2:54:00 PM

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
3/18/2024 11:00:37 PM;Real-time file system protection;file;E:\Code\Virus\TS-240318-15-MetaSploit-288b6e.exe;PowerShell/Kryptik.EJ trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;288B6E86B75A03A29A9E7A806AFEF4CDA4074175;
3/18/2024 11:00:40 PM;Real-time file system protection;file;E:\Code\Virus\TS-240318-04-AgentTesla-89d83b.exe;MSIL/Spy.AgentTesla.I trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;89D83BD5870A263A8CA448C2B7CC46303AD05B60;3/18/2024 9:47:18 PM
3/18/2024 11:00:42 PM;Real-time file system protection;file;E:\Code\Virus\TS-240318-01-Rhadamanthys-d28e1c.exe;BAT/Runner.JL trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;D28E1CBC90A683FF4C45C97DF8A51A8A2E664C13;
3/18/2024 11:00:43 PM;Real-time file system protection;file;E:\Code\Virus\TS-240318-02-AgentTesla-60ef2a.exe;a variant of MSIL/Kryptik.ALCR trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;60EF2A2A370CE3855C7B249462DC5584AEBA5161;3/18/2024 9:37:46 PM
3/18/2024 11:00:47 PM;Real-time file system protection;file;E:\Code\Virus\TS-240318-05-AgentTesla-f70a66.exe;a variant of MSIL/Kryptik.ALEZ trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;F70A66CB9053D8E48552CB7800E4B8F9F93F9643;3/18/2024 10:00:32 PM
3/18/2024 11:00:50 PM;Real-time file system protection;file;E:\Code\Virus\TS-240318-06-AgentTesla-aca44b.exe;a variant of MSIL/Kryptik.ALEZ trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;ACA44BD69EF966A58A1EA5EE71D1B0E2684F6DED;3/18/2024 10:02:20 PM
3/18/2024 11:00:50 PM;Real-time file system protection;file;E:\Code\Virus\TS-240318-07-AgentTesla-256f2b.exe;NSIS/Injector.CKS trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;256F2B1D6F22676B8B002407163A4FF24FEB4708;
3/18/2024 11:00:53 PM;Real-time file system protection;file;E:\Code\Virus\TS-240318-14-Lumma-d70c63.exe;a variant of MSIL/Kryptik_AGen.CBB trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;D70C63A5ABFBBD2F089F25BEF92794B8F732571C;3/18/2024 10:16:24 PM
3/18/2024 11:00:53 PM;Real-time file system protection;file;E:\Code\Virus\TS-240318-08-AgentTesla-1f2693.exe;a variant of MSIL/Kryptik.ALEW trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;1F26937EDE493563E6D537011EEE83BB45CAEB48;3/18/2024 10:10:05 PM
3/18/2024 11:00:57 PM;Real-time file system protection;file;E:\Code\Virus\TS-240318-12-Eternity-f3dffa.exe;a variant of MSIL/Spy.Agent.EET trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;F4DFFA29257D09E8E933845099A5C6F762E8DCB3;3/18/2024 9:59:32 PM
3/18/2024 11:00:58 PM;Real-time file system protection;file;E:\Code\Virus\TS-240318-11-AgentTesla-67ea48.exe;a variant of MSIL/Kryptik.ALEW trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;67EA48DD63133384EE25B90EC7EBC35ED48AE095;3/18/2024 10:23:04 PM
3/18/2024 11:01:01 PM;Real-time file system protection;file;E:\Code\Virus\TS-240318-03-AgentTesla-db66c0.exe;a variant of Generik.IKEYQDD trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;DB66C0D2235DE29131CBAB88B2A4A3D235C0165A;3/18/2024 9:45:54 PM
3/18/2024 11:01:04 PM;Real-time file system protection;file;E:\Code\Virus\TS-240318-22-UnknownRAT-ca0f5f.exe;a variant of MSIL/Kryptik.ALEW trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;CA0F5FDFA62D7F0CB5DECE23ACFE9143E38B942D;3/18/2024 10:40:06 PM
3/18/2024 11:01:07 PM;Real-time file system protection;file;E:\Code\Virus\TS-240318-18-Vidar-ef9f94.exe;a variant of MSIL/Kryptik_AGen.CBG trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;EF9F9472C683BBEB73336EEDC435DE49E48B0F2C;3/18/2024 9:40:33 PM
3/18/2024 11:01:09 PM;Real-time file system protection;file;E:\Code\Virus\TS-240318-10-AgentTesla-8dc051.exe;a variant of MSIL/Kryptik.ALEW trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;8DC051DD0ACB41DA45C09BD021E61B87F14246A9;3/18/2024 10:19:49 PM
3/18/2024 11:01:12 PM;Real-time file system protection;file;E:\Code\Virus\TS-240318-19-ZGRAT-c9d54b.exe;a variant of MSIL/Kryptik.ALEW trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;C9D54BF3730A72F5FA7AB92659EA1874D539297E;3/18/2024 10:25:22 PM
3/18/2024 11:01:13 PM;Real-time file system protection;file;E:\Code\Virus\TS-240318-17-Vidar-3a9a43.exe;a variant of Win32/TrojanDownloader.Rugmi.AFZ.gen trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;3A9A43DBE52DE0D9A5B064C33F19EA6EEA106870;3/18/2024 9:49:43 PM
3/18/2024 11:01:15 PM;Real-time file system protection;file;E:\Code\Virus\TS-240318-20-UnknownLoader-e16d7b.exe;Suspicious Object;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;E16D7B65084A79D97E9530ACED9DCD72854326DC;3/18/2024 10:32:45 PM
3/18/2024 11:01:18 PM;Real-time file system protection;file;E:\Code\Virus\TS-240318-13-Lumma-9d61cb.exe;a variant of Win32/Kryptik.HWPX trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;9D61CB4FA34C541DC2C3DC9E7E3DF0B7D7FB382D;3/18/2024 9:55:05 PM
3/18/2024 11:01:20 PM;Real-time file system protection;file;E:\Code\Virus\TS-240318-21-Redline-c8a026.exe;a variant of MSIL/Kryptik_AGen.CBB trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;C8A026616016D57C58D858EF46D2B9F73B82CB2D;3/18/2024 10:39:10 PM
3/18/2024 11:01:22 PM;Real-time file system protection;file;E:\Code\Virus\TS-240318-09-AgentTesla-8db3b5.exe;a variant of MSIL/Kryptik.ALEW trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;8DB3B5AC5E47AE73A7C47D527A664F5FE61A45A7;3/18/2024 10:13:36 PM


偶偶偶114514
Posted on 2024-3-18 23:08:42
t0kenzero posted on 2024-3-18 22:49:
cylance 21X
Miss TS-240318-15-MetaSploit-288b6e

I cleared everything statically (?
Copyright © KaFan  KaFan.cn All Rights Reserved.