龟包 240403 14X

神龟Turmi

下载：
https://malware.camp/Turtle/TurtleSUSP-240403.zip
分流：
https://mirrors-s1.malware.camp/Turtle/TurtleSUSP-240403.zip
https://mirrors-s2.malware.camp/Turtle/TurtleSUSP-240403.zip
https://mirrors-s3.malware.camp/Turtle/TurtleSUSP-240403.zip
龟包列表：
https://malware.camp/Turtle/

Fadouse

Kaspersky Premium + ESET Smart Security Premium Kill All

1. Event: Malicious object detected
   
2. User: LAPTOP\Fadouse
   
3. User type: Initiator
   
4. Application name: smartscreen.exe
   
5. Application path: C:\Windows\System32
   
6. Component: File Anti-Virus
   
7. Result description: Detected
   
8. Type: Trojan
   
9. Name: HEUR:Trojan.VBS.SAgent.gen
   
10. Precision: Heuristic Analysis
    
11. Threat level: High
    
12. Object type: File
    
13. Object name: TS-240403-02-XWorm-9a68a7.vbs
    
14. Object path: E:\Code\Virus
    
15. MD5 of an object: 12649BDFA5B6E4E106102DA023EC618E
    
16. Reason: Machine learning
    
17. Databases release date: Today, 4/3/2024 7:15:00 AM
    
18. 
    
19. Event: Malicious object detected
    
20. User: LAPTOP\Fadouse
    
21. User type: Initiator
    
22. Application name: explorer.exe
    
23. Application path: C:\Windows
    
24. Component: File Anti-Virus
    
25. Result description: Detected
    
26. Name: UDS:DangerousObject.Multi.Generic
    
27. Precision: Exactly
    
28. Threat level: High
    
29. Object type: File
    
30. Object name: TS-240403-06-AgentTesla(GULoader)-6bce57.exe
    
31. Object path: E:\Code\Virus
    
32. MD5 of an object: A6F9FD517C37CF1B39AEB4C88177366C
    
33. Reason: Cloud Protection
    
34. 
    
35. Event: Malicious object detected
    
36. User: LAPTOP\Fadouse
    
37. User type: Initiator
    
38. Application name: explorer.exe
    
39. Application path: C:\Windows
    
40. Component: File Anti-Virus
    
41. Result description: Detected
    
42. Type: Trojan
    
43. Name: UDS:Trojan-PSW.MSIL.Agensla.gen
    
44. Precision: Exactly
    
45. Threat level: High
    
46. Object type: File
    
47. Object name: TS-240403-05-AgentTesla(PNG)-149061.scr
    
48. Object path: E:\Code\Virus
    
49. MD5 of an object: 93D88B3B46EA0D5803250BF20FABDFCC
    
50. Reason: Cloud Protection

复制代码

1. Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
   
2. 4/3/2024 10:18:35 PM;Real-time file system protection;file;E:\Code\Virus\TS-240403-03-XWorm-4ed296.exe;a variant of MSIL/Agent.DWN trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;4ED2965E2C48D3E35A3E4E1EA8781D3761DE94A5;4/3/2024 10:17:18 PM
   
3. 4/3/2024 10:18:36 PM;Real-time file system protection;file;E:\Code\Virus\TS-240403-04-BitRAT-3fa3b5.exe;a variant of MSIL/Kryptik_AGen.CDE trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;3FA3B5E296D49C4D8E6DFC5D4B775A48609ACA78;4/3/2024 10:17:18 PM
   
4. 4/3/2024 10:18:41 PM;Real-time file system protection;file;E:\Code\Virus\TS-240403-14-Dazzle-ee0678.macho;OSX/DazzleSpy.A trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;EE0678E58868EBD6603CC2E06A134680D2012C1B;4/3/2024 10:17:20 PM
   
5. 4/3/2024 10:18:46 PM;Real-time file system protection;file;E:\Code\Virus\TS-240403-08-AgentTesla(PNG)-fd9efb.exe;a variant of MSIL/GenKryptik.GVXT trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;FD9EFB145705E45DDECAB1DEF2B432B237D187F9;4/3/2024 10:17:20 PM
   
6. 4/3/2024 10:18:47 PM;Real-time file system protection;file;E:\Code\Virus\TS-240403-05-AgentTesla(PNG)-149061.scr;a variant of MSIL/GenKryptik.GVXT trojan;cleaned by deleting (after the next restart);LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;1490610893CC15B655D316CAFD2214442F4DC7C1;4/3/2024 10:17:18 PM
   
7. 4/3/2024 10:18:50 PM;Real-time file system protection;file;E:\Code\Virus\TS-240403-11-Remcos(NIR)-b78ba4.exe;Win32/Rescoms.B trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;B78BA4E1350B1173B1A2457209993F439FA7E199;4/3/2024 10:17:20 PM
   
8. 4/3/2024 10:18:50 PM;Real-time file system protection;file;E:\Code\Virus\TS-240403-09-RisePro(PrivateLoader)-0a5721.exe;a variant of Win32/Agent.ADVG.gen trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;0A572108E6D8EADFE28DC9310E2CBFC7DB917A47;4/3/2024 10:17:20 PM
   
9. 4/3/2024 10:18:52 PM;Real-time file system protection;file;E:\Code\Virus\TS-240403-12-Lumma-7109df.exe;a variant of MSIL/Kryptik.ALHI trojan;cleaned by deleting (after the next restart);LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;7109DF433D1BBBA956BB295458D3AAD92A7757B1;4/3/2024 10:17:20 PM
   
10. 4/3/2024 10:18:57 PM;Real-time file system protection;file;E:\Code\Virus\TS-240403-13-Redline-f134be.exe;a variant of MSIL/Kryptik.ALHI trojan;cleaned by deleting (after the next restart);LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;F134BE1A8C6DD9EB8077CBF99F29B53FA42B82E0;4/3/2024 10:17:20 PM
    
11. 4/3/2024 10:19:00 PM;Real-time file system protection;file;E:\Code\Virus\TS-240403-07-AgentTesla(PNG)-afafe1.exe;a variant of MSIL/GenKryptik.GVXT trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;AFAFE154DA07F8A61ADCA115DB81823B87F21641;4/3/2024 10:17:20 PM
    
12. 4/3/2024 10:19:04 PM;Real-time file system protection;file;E:\Code\Virus\TS-240403-01-Snake(AutoIt)-c8fdfa.exe;a variant of Win32/Injector.Autoit.FWQ trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;C8FDFAEB6AB3CBB81B4A67E1F42C55C0B9B37AE8;
    

复制代码

莒县小哥

卡巴清空

心醉咖啡

360

1094947421

1. 华为【1】 2024-04-03 22:36:53，自定义扫描，发现风险11个风险项目
   
2. 
   
3. 病毒库版本：2024040302
   
4. 杀毒引擎版本：11.Release_2024033000
   
5. 开始时间：2024-04-03 22:36:53
   
6. 总计用时：00:00:00
   
7. 任务状态：已完成
   
8. 扫描文件：14
   
9. 发现风险：11
   
10. 已处理风险：0
    
11. 病毒详情：
    
12. 病毒名称：Win32.Trojan.Generic_@t1.kqx，病毒文件名称：TS-240403-01-Snake(AutoIt)-c8fdfa.exe，病毒文件路径：D:\下载\Compressed\TurtleSUSP-240403\，病毒等级：中，病毒类型：木马病毒，病毒发现时间：2024-04-03 22:36:53，处置结果：未处置
    
13. 病毒名称：Win32.Trojan.Dropper_@t1.ane，病毒文件名称：TS-240403-03-XWorm-4ed296.exe，病毒文件路径：D:\下载\Compressed\TurtleSUSP-240403\，病毒等级：中，病毒类型：木马病毒，病毒发现时间：2024-04-03 22:36:53，处置结果：未处置
    
14. 病毒名称：Win32.Backdoor.NN_@t1.9159，病毒文件名称：TS-240403-04-BitRAT-3fa3b5.exe，病毒文件路径：D:\下载\Compressed\TurtleSUSP-240403\，病毒等级：高，病毒类型：后门远控，病毒发现时间：2024-04-03 22:36:53，处置结果：未处置
    
15. 病毒名称：Win32.Trojan.NN_@t1.9979，病毒文件名称：TS-240403-05-AgentTesla(PNG)-149061.scr，病毒文件路径：D:\下载\Compressed\TurtleSUSP-240403\，病毒等级：中，病毒类型：木马病毒，病毒发现时间：2024-04-03 22:36:53，处置结果：未处置
    
16. 病毒名称：Win32.Trojan.NN_@t1.9998，病毒文件名称：TS-240403-07-AgentTesla(PNG)-afafe1.exe，病毒文件路径：D:\下载\Compressed\TurtleSUSP-240403\，病毒等级：中，病毒类型：木马病毒，病毒发现时间：2024-04-03 22:36:53，处置结果：未处置
    
17. 病毒名称：Win32.Trojan.NN_@t1.9985，病毒文件名称：TS-240403-08-AgentTesla(PNG)-fd9efb.exe，病毒文件路径：D:\下载\Compressed\TurtleSUSP-240403\，病毒等级：中，病毒类型：木马病毒，病毒发现时间：2024-04-03 22:36:53，处置结果：未处置
    
18. 病毒名称：Win32.Miner.NN_@t1.8067，病毒文件名称：TS-240403-09-RisePro(PrivateLoader)-0a5721.exe，病毒文件路径：D:\下载\Compressed\TurtleSUSP-240403\，病毒等级：高，病毒类型：挖矿木马，病毒发现时间：2024-04-03 22:36:53，处置结果：未处置
    
19. 病毒名称：Win32.Trojan.Generic_@t1.e1dbc2ff，病毒文件名称：TS-240403-11-Remcos(NIR)-b78ba4.exe，病毒文件路径：D:\下载\Compressed\TurtleSUSP-240403\，病毒等级：中，病毒类型：木马病毒，病毒发现时间：2024-04-03 22:36:53，处置结果：未处置
    
20. 病毒名称：Win32.Backdoor.NN_@t1.8810，病毒文件名称：TS-240403-12-Lumma-7109df.exe，病毒文件路径：D:\下载\Compressed\TurtleSUSP-240403\，病毒等级：高，病毒类型：后门远控，病毒发现时间：2024-04-03 22:36:53，处置结果：未处置
    
21. 病毒名称：Win32.Backdoor.NN_@t1.8554，病毒文件名称：TS-240403-13-Redline-f134be.exe，病毒文件路径：D:\下载\Compressed\TurtleSUSP-240403\，病毒等级：高，病毒类型：后门远控，病毒发现时间：2024-04-03 22:36:54，处置结果：未处置
    
22. 病毒名称：iPhone.Backdoor.Generic_@t1.ca6dc76c，病毒文件名称：TS-240403-14-Dazzle-ee0678.macho，病毒文件路径：D:\下载\Compressed\TurtleSUSP-240403\，病毒等级：高，病毒类型：后门远控，病毒发现时间：2024-04-03 22:36:54，处置结果：未处置
    

复制代码

UNknownOoo

火绒（未开高级启发
扫描：13x

1. 扫描文件：14
   
2. 发现风险：13
   
3. 已处理风险：13
   
4. 病毒详情：
   
5. 风险路径：C:\Users\Serendipity\Desktop\TurtleSUSP-240403(1)\TS-240403-02-XWorm-9a68a7.vbs, 病毒名：TrojanDownloader/VBS.Agent.ga, 病毒ID：98caea9a15f1816d, 处理结果：已处理，删除文件
   
6. 风险路径：C:\Users\Serendipity\Desktop\TurtleSUSP-240403(1)\TS-240403-12-Lumma-7109df.exe, 病毒名：Trojan/Agent.bld, 病毒ID：c04598e3f87eb515, 处理结果：已处理，删除文件
   
7. 风险路径：C:\Users\Serendipity\Desktop\TurtleSUSP-240403(1)\TS-240403-13-Redline-f134be.exe, 病毒名：Trojan/Agent.bld, 病毒ID：c04598e3f87eb515, 处理结果：已处理，删除文件
   
8. 风险路径：C:\Users\Serendipity\Desktop\TurtleSUSP-240403(1)\TS-240403-08-AgentTesla(PNG)-fd9efb.exe, 病毒名：TrojanSpy/MSIL.AgentTesla.mq, 病毒ID：d80ee6a72a4d151f, 处理结果：已处理，删除文件
   
9. 风险路径：C:\Users\Serendipity\Desktop\TurtleSUSP-240403(1)\TS-240403-05-AgentTesla(PNG)-149061.scr, 病毒名：TrojanSpy/MSIL.AgentTesla.mq, 病毒ID：d80ee6a72a4d151f, 处理结果：已处理，删除文件
   
10. 风险路径：C:\Users\Serendipity\Desktop\TurtleSUSP-240403(1)\TS-240403-07-AgentTesla(PNG)-afafe1.exe, 病毒名：TrojanSpy/MSIL.AgentTesla.mq, 病毒ID：d80ee6a72a4d151f, 处理结果：已处理，删除文件
    
11. 风险路径：C:\Users\Serendipity\Desktop\TurtleSUSP-240403(1)\TS-240403-04-BitRAT-3fa3b5.exe, 病毒名：TrojanDownloader/MSIL.Agent.xd, 病毒ID：d18b6718f465aebc, 处理结果：已处理，删除文件
    
12. 风险路径：C:\Users\Serendipity\Desktop\TurtleSUSP-240403(1)\TS-240403-11-Remcos(NIR)-b78ba4.exe, 病毒名：TrojanSpy/MSIL.AgentTesla.mq, 病毒ID：ac3cb7ce3931cea3, 处理结果：已处理，删除文件
    
13. 风险路径：C:\Users\Serendipity\Desktop\TurtleSUSP-240403(1)\TS-240403-03-XWorm-4ed296.exe, 病毒名：Backdoor/MSIL.DDos.b, 病毒ID：85619156c23b5fc1, 处理结果：已处理，删除文件
    
14. 风险路径：C:\Users\Serendipity\Desktop\TurtleSUSP-240403(1)\TS-240403-14-Dazzle-ee0678.macho, 病毒名：Backdoor/W64.DazzleSpy.a, 病毒ID：548b45c9f526f429, 处理结果：已处理，删除文件
    
15. 风险路径：C:\Users\Serendipity\Desktop\TurtleSUSP-240403(1)\TS-240403-06-AgentTesla(GULoader)-6bce57.exe, 病毒名：HVM:TrojanDropper/Sloader.a, 病毒ID：7d18ee0b9d581589, 处理结果：已处理，删除文件
    
16. 风险路径：C:\Users\Serendipity\Desktop\TurtleSUSP-240403(1)\TS-240403-01-Snake(AutoIt)-c8fdfa.exe, 病毒名：HVM:VirTool/Obfuscator.gen!A, 病毒ID：b27d4294cde6a1ec, 处理结果：已处理，删除文件
    
17. 风险路径：C:\Users\Serendipity\Desktop\TurtleSUSP-240403(1)\TS-240403-09-RisePro(PrivateLoader)-0a5721.exe, 病毒名：HEUR:TrojanDownloader/Agent.bf, 病毒ID：7bec03d7fe2662cb, 处理结果：已处理，删除文件

复制代码

运行：
TS-240403-10-LokiBot(GULoader)-1cddce.vbs - MISS

隔山打空气

深信服EDR kill all
静态kill 12x



无文件攻击防护block ps执行 2x

东南大学

CS静态貌似只扫描PE文件？

神龟Turmi

东南大学 发表于 2024-4-3 23:42
CS静态貌似只扫描PE文件？

是的 他们的Sensor Based ML只有PE的模型

biue