
[Virus samples] Turtle Pack 240401 11X

神龟Turmi
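Posted on 2024-4-1 17:44:43
Before we start, an "important notice":
Turtle has recently been thinking that data stored on hard drives/flash memory is not very safe. To ensure the sustainability of the Turtle Pack and the safety of its storage,
from today the Turtle Pack will be stored and distributed using a more traditional but safer and harder-to-lose method: paper.
We will save the samples in the Turtle Pack on paper in binary form and then distribute them by courier; shipping costs are at your own expense.
So, forum members, please send your address by private message. When you receive our Turtle Pack parcel, you will need to use a scanner and convert the binary on the paper back into an executable file.
Since the release speed of future Turtle Packs will be severely limited by our printer's speed of 20 sheets/minute, the Turtle Pack will no longer be updated daily.

OK, no more joking. Happy April Fools' Day (inspiration: Jilin University)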

Download:
https://malware.camp/Turtle/TurtleSUSP-240401.zip
Mirrors:
https://mirrors-s1.malware.camp/Turtle/TurtleSUSP-240401.zip
https://mirrors-s2.malware.camp/Turtle/TurtleSUSP-240401.zip
https://mirrors-s3.malware.camp/Turtle/TurtleSUSP-240401.zip
Turtle Pack list:
https://malware.camp/Turtle/


t0kenzero
Posted on 2024-4-1 17:45:15
Last edited by t0kenzero on 2024-4-1 19:31

cylance 12X
Optics Kill TS-240401-09-UnknownStealer-db9e6d



CS 13X
  




Yuki丶
Posted on 2024-4-1 17:49:40
Notice: This post has been hidden by an administrator or moderator
莒县小哥
Posted on 2024-4-1 18:18:35
Kaspersky kills them all


DisaPDB
Posted on 2024-4-1 18:22:03
Last edited by DisaPDB on 2024-4-1 18:23

360 5, hard to keep a straight face

swizzer
Posted on 2024-4-1 19:08:27
Last edited by swizzer on 2024-4-1 19:22

BD all.

神龟Turmi
Original poster | Posted on 2024-4-1 20:05:20
t0kenzero posted on 2024-4-1 17:45
cylance 12X
Optics Kill TS-240401-09-UnknownStealer-db9e6d

Nice, nice, nice: 13 detections from 11 samples
tjsh
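Posted on 2024-4-1 21:06:36
河众 with heuristics off (PyInstaller has been everywhere lately; if I didn't write my own software in Python, I would have blanket-detected PyInstaller long ago)
After all, this import table catches every PyInstaller build
10x, remaining: TS-240401-07-UnknownStealer-41d2fd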
Fadouse
Posted on 2024-4-1 21:11:36
ESSP + Kaspersky: cleared out
Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
4/1/2024 9:09:07 PM;Real-time file system protection;file;E:\Code\Virus\TS-240401-02-MetaSploit-47c586.exe;Python/ShellCode.I trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;47C58614F088024DF76B9D648D2813701211CC87;
4/1/2024 9:09:08 PM;Real-time file system protection;file;E:\Code\Virus\TS-240401-01-AgentTesla-49f7ae.exe;a variant of MSIL/Kryptik.ALGW trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;49F7AECFFDE3B3DB715579FD35377ED12E8CAD1F;4/1/2024 3:42:18 PM
4/1/2024 9:09:11 PM;Real-time file system protection;file;E:\Code\Virus\TS-240401-03-BlankGrabber-800c18.exe;a variant of Win64/Packed.PyInstaller.L trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;800C189FBA3A5A2808000C2CBDA17B1B6CDEC797;4/1/2024 3:44:42 PM
4/1/2024 9:09:16 PM;Real-time file system protection;file;E:\Code\Virus\TS-240401-04-UnknownStealer-ab4588.exe;Python/DataStealer.H trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;AB4588213A24E513BAD1850EE86D4CA712A68F9C;
4/1/2024 9:09:18 PM;Real-time file system protection;file;E:\Code\Virus\TS-240401-06-UnknownStealer-7f687d.exe;Python/Spy.Agent.JW trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;7F687D9B6A2795B0241622271F258770E931EBA0;
4/1/2024 9:09:19 PM;Real-time file system protection;file;E:\Code\Virus\TS-240401-05-UnknownStealer-4d4ed7.exe;Python/DataStealer.H trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;4D4ED74DBE4D470F674FC637DFF6E84923C5C30A;
4/1/2024 9:09:20 PM;Real-time file system protection;file;E:\Code\Virus\TS-240401-08-UnknownStealer-4d4ed7.exe;Python/DataStealer.H trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;4D4ED74DBE4D470F674FC637DFF6E84923C5C30A;
4/1/2024 9:09:26 PM;Real-time file system protection;file;E:\Code\Virus\TS-240401-07-UnknownStealer-41d2fd.exe;Python/Spy.Agent.VE trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;F9CB390895522372FE6AD8349BF02F458A791B2B;
4/1/2024 9:09:31 PM;Real-time file system protection;file;E:\Code\Virus\TS-240401-10-LunaStealer-e540f3.exe;Python/Spy.Agent.KI trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;E540F3F5F78CFC89285B6BFB3F4F41059BA92B56;
4/1/2024 9:09:35 PM;Real-time file system protection;file;E:\Code\Virus\TS-240401-09-UnknownStealer-db9e6d.exe;Python/Spy.Agent.AAF trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;DB9E6D4AD9677684B4796E4B8C79E8F248D3D036;

Event: A backup copy of the object was created
User: LAPTOP\Fadouse
User type: Initiator
Application name: explorer.exe
Application path: C:\Windows
Component: File Anti-Virus
Result description: Backup copy created
Type: Trojan
Name: Trojan.Win32.Strab.hbm
Precision: Exactly
Threat level: High
Object type: File
Object name: TS-240401-11-UnknownRAT(AutoIt)-0698ba.exe
Object path: E:\Code\Virus
MD5 of an object: 853BBCB33D389F4C93DD15D2E9AE5CF4


lip123
Posted on 2024-4-1 21:33:04

Did you forget to add the images?