This post was last edited by UNknownOoo on 2024-3-27 00:19
Huorong (advanced heuristics not enabled)
Scan: 13x by signature
- Files scanned: 18
- Risks found: 13
- Risks handled: 0
- Virus details:
- Risk path: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-06-PoshC2-b83585.ps1, virus name: Backdoor/Meterpreter.as, virus ID: aa1e54f0fc445546, action: not handled for now
- Risk path: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-17-Lumma-070423.exe, virus name: Trojan/MSIL.Agent.gq, virus ID: 480de0f93d03ca55, action: not handled for now
- Risk path: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-14-AgentTesla-898644.exe, virus name: TrojanSpy/MSIL.AgentTesla.mq, virus ID: ac3cb7ce3931cea3, action: not handled for now
- Risk path: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-10-AgentTesla-1708ab.exe, virus name: HEUR:VirTool/MSIL.Obfuscator.gen!A, virus ID: 3fda44dcb57a42be, action: not handled for now
- Risk path: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-11-AgentTesla-f302cf.exe, virus name: HEUR:VirTool/MSIL.Obfuscator.gen!A, virus ID: 3fda44dcb57a42be, action: not handled for now
- Risk path: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-03-FormBook-61633e.exe, virus name: TrojanSpy/MSIL.AgentTesla.mq, virus ID: d74520d1b2d3abdd, action: not handled for now
- Risk path: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-13-AgentTesla-ccaf7a.exe, virus name: HEUR:VirTool/MSIL.Obfuscator.gen!A, virus ID: 3fda44dcb57a42be, action: not handled for now
- Risk path: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-08-AgentTesla-7c8dd2.exe, virus name: TrojanSpy/MSIL.AgentTesla.mq, virus ID: d74520d1b2d3abdd, action: not handled for now
- Risk path: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-09-AgentTesla-5ca97e.exe, virus name: TrojanSpy/MSIL.AgentTesla.mq, virus ID: d74520d1b2d3abdd, action: not handled for now
- Risk path: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-15-AgentTesla-bd0106.exe, virus name: TrojanSpy/MSIL.AgentTesla.mq, virus ID: d74520d1b2d3abdd, action: not handled for now
- Risk path: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-18-UnknownLoader-2f3c49.exe, virus name: TrojanSpy/MSIL.AgentTesla.mq, virus ID: d74520d1b2d3abdd, action: not handled for now
- Risk path: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-16-AgentTesla-581f34.exe, virus name: TrojanSpy/MSIL.AgentTesla.mq, virus ID: d74520d1b2d3abdd, action: not handled for now
- Risk path: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-01-BlankGrabber-d83470.exe, virus name: TrojanSpy/Python.Stealer.d, virus ID: d06410f9a3897eb1, action: not handled for now
Execution:
TS-240326-02-Remcos(ModiLoader)-ecc78c.exe - caught by memory protection, but handling failed
- Virus name: Backdoor/Remcos.k
- Virus ID: CA6D276341E73D30
- Virtual address: 0x0000000002E00000
- Image size: 475MB
- Complete image: No
- Data stream hash: 71c401bf
- Action result: handled
- Process ID: 2552
- Acting process: C:\Windows\SysWOW64\colorcpl.exe
- Acting process command line: C:\Windows\System32\colorcpl.exe
- Parent process ID: 7268
- Parent process: C:\Users\Serendipity\Desktop\TurtleSUSP-240326\TS-240326-02-Remcos(ModiLoader)-ecc78c.exe
- Virus details:
- Risk path: mem://2552-0x71c401bf-0x2e00000-C:\Windows\SysWOW64\colorcpl.exe, virus name: Backdoor/Remcos.k, virus ID: ca6d276341e73d30, action: handling failed, SFC process not handled
TS-240326-12-AgentTesla-8ccb99.exe - active defense / memory protection responded
- Virus name: Trojan/MSIL.Injector.np
- Virus ID: 2EC8D38D93924346
- Virtual address: 0x000000009B960000
- Image size: 584KB
- Complete image: No
- Data stream hash: 399e2138
- Action result: handled
- Process ID: 5916
- Acting process: C:\Users\Serendipity\Desktop\TurtleSUSP-240326\TS-240326-12-AgentTesla-8ccb99.exe
- Virus name: ADV:Trojan/GenInjector.A!1.23
- Virus path: C:\Users\Serendipity\Desktop\TurtleSUSP-240326\TS-240326-12-AgentTesla-8ccb99.exe
- Action result: handled
TS-240326-04-FormBook(GULoader)-003035.vbs - MISS
TS-240326-05-LokiBot(GULoader)-415b4b.vbs - MISS
TS-240326-07-UnknownStealer-a5d3e7.exe - MISS
X-Sec
Scan: 15x
- ---------------------
- 2024/03/27 00:03:40 Threat Detected: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-02-Remcos(ModiLoader)-ecc78c.exe -- [rame-classic] Downloader.Agent!1.EFE4
- 2024/03/27 00:03:41 Threat Detected: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-01-BlankGrabber-d83470.exe -- [rame-classic] Spyware.Agent/PYC!1.EA8F
- 2024/03/27 00:03:41 Threat Detected: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-04-FormBook(GULoader)-003035.vbs -- [rame-cloud] Trojan.SAgent/VBS!8.132D5
- 2024/03/27 00:03:42 Threat Detected: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-07-UnknownStealer-a5d3e7.exe -- [rame-classic] Downloader.Agent/PYC!1.F092
- 2024/03/27 00:03:42 Threat Detected: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-08-AgentTesla-7c8dd2.exe -- [rame-cloud] Trojan.Kryptik!8.8
- 2024/03/27 00:03:43 Threat Detected: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-10-AgentTesla-1708ab.exe -- [rame-rdm.msil2] Malware.Obfus/MSIL@AI.96
- 2024/03/27 00:03:43 Threat Detected: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-09-AgentTesla-5ca97e.exe -- [rame-cloud] Trojan.Kryptik!8.8
- 2024/03/27 00:03:43 Threat Detected: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-11-AgentTesla-f302cf.exe -- [rame-rdm.msil2] Malware.Obfus/MSIL@AI.90
- 2024/03/27 00:03:44 Threat Detected: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-12-AgentTesla-8ccb99.exe -- [rame-rdm.msil2] Malware.Obfus/MSIL@AI.93
- 2024/03/27 00:03:44 Threat Detected: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-14-AgentTesla-898644.exe -- [rame-rdm.msil2] Malware.Obfus/MSIL@AI.100
- 2024/03/27 00:03:44 Threat Detected: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-13-AgentTesla-ccaf7a.exe -- [rame-rdm.msil2] Malware.Obfus/MSIL@AI.90
- 2024/03/27 00:03:45 Threat Detected: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-15-AgentTesla-bd0106.exe -- [rame-cloud] Trojan.Kryptik!8.8
- 2024/03/27 00:03:46 Threat Detected: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-16-AgentTesla-581f34.exe -- [rame-cloud] Trojan.Kryptik!8.8
- 2024/03/27 00:03:46 Threat Detected: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-17-Lumma-070423.exe -- [rame-rdm.msil2] Malware.Obfus/MSIL@AI.100
- 2024/03/27 00:03:46 Threat Detected: C:\Users\UnknownOoo\Downloads\TurtleSUSP-240326\TS-240326-18-UnknownLoader-2f3c49.exe -- [rame-cloud] Trojan.Generic!8.C3
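Added example, not part of the post above and not code from either vendor: a small Python parser for the two log formats shown (Huorong on-demand scan lines and X-Sec "Threat Detected" lines) that pulls the TS-240326-NN sample identifier out of each file name and reports, per engine, which samples of the pack were missed. The Huorong field labels are matched generically, so the tool's original Chinese labels and an English rendering both parse. The sample log lines and the pack list below are constructed for the example (a subset of the post's samples, paths shortened); the assumption that a path contains no ", " is noted in the code. A mem:// path carries no sample name and is reported as unattributed rather than guessed.

```python
import re

# Huorong on-demand scan line: "- <label>:<path>, <label>:<name>, <label>:<id>, <label>:<result>".
# Labels are matched generically ([^:]+), values are taken positionally.
# Assumption: a path never contains ", " (the field separator).
HUORONG_RE = re.compile(
    r"^-\s*[^:]+:\s*(?P<path>.+?),\s*[^:,]+:\s*(?P<name>[^,]+),"
    r"\s*[^:,]+:\s*(?P<vid>[0-9A-Fa-f]+),\s*[^:,]+:\s*(?P<result>.+)$"
)

# X-Sec scan line: "<timestamp> Threat Detected: <path> -- [<engine>] <name>".
XSEC_RE = re.compile(
    r"^-?\s*(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) Threat Detected: "
    r"(?P<path>.+?) -- \[(?P<engine>[^\]]+)\] (?P<name>\S+)$"
)

# Pack naming convention visible in the post: TS-<yymmdd>-<nn>-<family>-<6 hex>.<ext>
SAMPLE_RE = re.compile(r"(?P<sid>TS-\d{6}-\d{2})-(?P<family>[^-]+)-[0-9a-f]{6}\.")


def sample_id(path):
    """Return the TS-<date>-<nn> identifier in a path, or None (e.g. mem:// hits)."""
    m = SAMPLE_RE.search(path)
    return m["sid"] if m else None


def parse_huorong(text):
    """Map sample id -> detection name for every Huorong risk line that names a pack file."""
    hits = {}
    for line in text.splitlines():
        m = HUORONG_RE.match(line.strip())
        if m and (sid := sample_id(m["path"])):
            hits[sid] = m["name"]
    return hits


def parse_xsec(text):
    """Map sample id -> detection name for every X-Sec 'Threat Detected' line."""
    hits = {}
    for line in text.splitlines():
        m = XSEC_RE.match(line.strip())
        if m and (sid := sample_id(m["path"])):
            hits[sid] = m["name"]
    return hits


def coverage(pack, engine_hits):
    """For each engine: number of pack samples detected and the sorted list of misses."""
    report = {}
    for engine, hits in engine_hits.items():
        missed = sorted(sid for sid in pack if sid not in hits)
        report[engine] = {"detected": len(pack) - len(missed), "missed": missed}
    return report


# Constructed sample input (subset of the post's samples, shortened paths).
HUORONG_SAMPLE = r"""
- 扫描文件:6
- 风险路径:C:\S\TurtleSUSP-240326\TS-240326-06-PoshC2-b83585.ps1, 病毒名:Backdoor/Meterpreter.as, 病毒ID:aa1e54f0fc445546, 处理结果:暂不处理
- 风险路径:C:\S\TurtleSUSP-240326\TS-240326-17-Lumma-070423.exe, 病毒名:Trojan/MSIL.Agent.gq, 病毒ID:480de0f93d03ca55, 处理结果:暂不处理
- 风险路径:C:\S\TurtleSUSP-240326\TS-240326-01-BlankGrabber-d83470.exe, 病毒名:TrojanSpy/Python.Stealer.d, 病毒ID:d06410f9a3897eb1, 处理结果:暂不处理
- 风险路径:mem://2552-0x71c401bf-0x2e00000-C:\Windows\SysWOW64\colorcpl.exe, 病毒名:Backdoor/Remcos.k, 病毒ID:ca6d276341e73d30, 处理结果:处理失败,SFC进程未处理
"""

XSEC_SAMPLE = r"""
- 2024/03/27 00:03:40 Threat Detected: C:\S\TurtleSUSP-240326\TS-240326-02-Remcos(ModiLoader)-ecc78c.exe -- [rame-classic] Downloader.Agent!1.EFE4
- 2024/03/27 00:03:41 Threat Detected: C:\S\TurtleSUSP-240326\TS-240326-01-BlankGrabber-d83470.exe -- [rame-classic] Spyware.Agent/PYC!1.EA8F
- 2024/03/27 00:03:41 Threat Detected: C:\S\TurtleSUSP-240326\TS-240326-04-FormBook(GULoader)-003035.vbs -- [rame-cloud] Trojan.SAgent/VBS!8.132D5
- 2024/03/27 00:03:42 Threat Detected: C:\S\TurtleSUSP-240326\TS-240326-07-UnknownStealer-a5d3e7.exe -- [rame-classic] Downloader.Agent/PYC!1.F092
"""

# Constructed pack list: the six samples the constructed logs refer to.
PACK = ["TS-240326-01", "TS-240326-02", "TS-240326-04",
        "TS-240326-06", "TS-240326-07", "TS-240326-17"]


if __name__ == "__main__":
    hits = {"Huorong": parse_huorong(HUORONG_SAMPLE), "X-Sec": parse_xsec(XSEC_SAMPLE)}
    for engine, row in coverage(PACK, hits).items():
        print(f"{engine}: {row['detected']}/{len(PACK)} detected, missed {row['missed']}")
    for sid in PACK:  # side-by-side detection matrix
        print(sid, {e: h.get(sid) for e, h in hits.items()})
```

Paste the full logs from the post into the two sample strings and the summary counters and separator lines are skipped automatically because they match neither regex; the mem:// memory-protection hit is intentionally left out of the per-sample tally, since it is attributed to colorcpl.exe rather than to a pack file.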