【开放测试】卡饭病毒样本包 20240709 第140期

ANY.LNK

微软
解压24x，扫描3x，清空

好，总算找到个能显示完整日志的工具了



补一下当时的日志：

1. 2024-07-09T09:55:42.927Z DETECTION Trojan:BAT/AgentSetter.RP!MTB file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\04684dfe5b251dd66125708589b7b21f3403ba7a624f4457b3fd95bbfbe4f6cc.js
   
2. 2024-07-09T09:55:43.182Z DETECTION Backdoor:MSIL/AsyncRat.AD!MTB file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\01b7eea92bb27df73a6972f00927ba3a5989771f90052297f4027fc33e804ffd.exe
   
3. 2024-07-09T09:55:44.056Z DETECTION Trojan:Win32/Vigorf.A file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\04aea1458bbe0debfdc6cbd993d9d3ebf52e5742cac8d5ad53a44ac2c8010d12.exe
   
4. 2024-07-09T09:55:44.904Z DETECTION Trojan:Win32/Vigorf.A file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\1b159fa01a8af6dc08e1e371203362f5a9ba4cf4128c3c234f1e53d492ee0eab.exe
   
5. 2024-07-09T09:55:44.940Z DETECTION Trojan:VBS/GuLoader.NMU!MTB file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\306f6928f04ff30ced95163cc97981ea9d0c4a51da496df9b1f44aeecc29e63f.vbs
   
6. 2024-07-09T09:55:44.957Z DETECTION Backdoor:Win64/CobaltStrike!pz file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\3d27f5ef39dec06f86331e298842bad015f9f0ee0c608e408c7d9b0daef210f6.exe
   
7. 2024-07-09T09:55:45.410Z DETECTION Trojan:Win32/Strab.GPCX!MTB file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\1d0bbe107346b8d5d1ed6bf86b4a5c561d426b4c06bb488b7fbbb8c93bfae9f2.exe
   
8. 2024-07-09T09:55:45.529Z DETECTION Trojan:MSIL/AsyncRAT.S!MTB file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\510c31a30c94c1d46332356d8d4cf24171f3969c8d05e3dcecb492faa12fdc66.exe
   
9. 2024-07-09T09:55:45.979Z DETECTION Trojan:Win32/Casdet!rfn file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\5a94384836c18c3bc2e2275abf40a7421cc3317fd82966a6d4862a1a2a9c824a.dll
   
10. 2024-07-09T09:55:46.856Z DETECTION Trojan:Win32/AgentTesla!ml file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\050e979722f8a3be5a07806d3ebbbac067ff293ed225faff452aa6145ef21c96.exe
    
11. 2024-07-09T09:55:47.325Z DETECTION Trojan:Win32/Leonem file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\540496b0cde097cb083d1c501af7b0ed84c5e94922be37700bfa44c2090ecfbc.exe
    
12. 2024-07-09T09:55:48.046Z DETECTION Trojan:Win32/Casdet!rfn file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\8c415f6e9e4ddc4df9433b33035ee3c9750283cc9306cdf97d4f9b9df1036946.exe
    
13. 2024-07-09T09:55:48.496Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\5e2839553458547a92fff7348862063b30510e805a550e02d94a89bd8fd0768d.exe
    
14. 2024-07-09T09:55:48.931Z DETECTION Trojan:Win32/Znyonm file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\1b5fbf0fffc028708def7f8b1510dd668da7abbd0d0f63b597669339005e33e0.exe
    
15. 2024-07-09T09:55:49.315Z DETECTION Backdoor:MSIL/DCRat!MTB file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\bb8b3acb02f86a5c9db1d935ee81c832330c8ff9d76971dd712737a6330947e6.exe
    
16. 2024-07-09T09:55:49.347Z DETECTION Trojan:VBS/GuLoader.NMU!MTB file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\e33fda9ea628ee0efe54b54a20a9e6aff7cd64d293f3b67c71f11d3035c17764.vbs
    
17. 2024-07-09T09:55:49.933Z DETECTION Trojan:Win32/Casdet!rfn file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\95ff9b2516243fd104555cb9b3fa51b27adeba8f27a80c0f69f7918599938e27.exe
    
18. 2024-07-09T09:55:50.698Z DETECTION Trojan:Win32/Casdet!rfn file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\cb9272a1dd0bf2a449ab89feaed92b22e2ae6a4e795d158e38b2f0727d9f46c2.dll
    
19. 2024-07-09T09:55:50.831Z DETECTION Trojan:BAT/AgentSetter.RP!MTB file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\f6cbc49b4d78b007e50e81a36ad9fe723e8869350385dff56b02e6bbe0f886de.js
    
20. 2024-07-09T09:55:51.316Z DETECTION Trojan:MSIL/SpyNoon!MTB file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\de8a9c273adc8bd2c615a7e09c87cb8b9cfc38ef6317bfa435b4a3474f1b670f.exe
    
21. 2024-07-09T09:55:51.846Z DETECTION Trojan:Win32/Formbook!ml file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\e4c4990451cfa8c8a75a65d68c8dc7efde67ba3cdca812636895f8488005da54.exe
    
22. 2024-07-09T09:55:52.800Z DETECTION Trojan:Win32/AgentTesla!ml file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\f71c34128bf5c4a4ecc05e5aa4fbd02740b96c4aaf075124f3a4e33f36c17c92.exe
    
23. 2024-07-09T09:55:53.785Z DETECTION Trojan:Win32/AgentTesla!ml file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\d4db39743a54bacc03cdb4d4d772000823f099febea271a44d40631cc01a2a0c.exe
    
24. 2024-07-09T09:55:54.952Z DETECTION Trojan:Win32/Phonzy.B!ml file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\f0c3e45b96e2fa1bcd7f39a9a80337314cc27ea3df30a90c594b43fa8487adc6.exe
    
25. 2024-07-09T10:01:29.272Z DETECTION Backdoor:MSIL/Nanocore!MTB file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\1b5a9c840d8932be77aa43135038742007e1e1ca5d9b8954966ddedb703a0ee4.exe
    
26. 2024-07-09T10:01:29.277Z DETECTION Trojan:Win32/Casdet!rfn file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\b116c1e0f92dca485565d5f7f3b572d7f01724062320597733b9dbf6dd84dee1.exe
    
27. 2024-07-09T10:01:29.283Z DETECTION Trojan:Win32/Leonem file:C:\Users\A.LINK\Downloads\27x (2024-07-09)\1\93ef803a0a6d30205faaee49199b47907fa378e2350016cc63088eeb9514931d.exe

复制代码

PS：微软这日志导出来真麻烦，多数情况下不同批次的样本完全混在一起

QVM360

Komeiji-Reimu 发表于 2024-7-9 17:40
腾仔崛起了？
居然kill all

腾讯最近是厉害，但是主动防御很差

Komeiji-Reimu

QVM360 发表于 2024-7-9 17:58
腾讯最近是厉害，但是主动防御很差

是的，有些时候甚至会出现扫描杀双击不杀的好玩局面。

另外，我那个7楼的加分是4x15吧应该

断簪

eset


剩下


双击0

inhh1

奇安信V10（天擎）模组全开
扫描杀25x
执行杀1x
剩1x

趋势（ApexOne）扫描19x机学1x双击1x
miss 6x

bd扫描kill25x
剩两个dll

Komeiji-Reimu

七楼，卡巴双击日志在压缩文件里最后几行，是文件反病毒触发的 区别于扫描日志，他有“发起者”一栏

QVM360

Komeiji-Reimu 发表于 2024-7-9 18:46
七楼，卡巴双击日志在压缩文件里最后几行，是文件反病毒触发的 区别于扫描日志，他有“发起者”一栏

卡巴主动防御开头都是PDM，你日志里没看到PDM这个字符串

StarlitFuture

COMODO 2025 TDT Module Block 1，剩余入沙

熊小度

自研API引擎18X

日志：


360 27X

日志：

杰伦Ｊ时代

QVM360 发表于 2024-7-9 17:58
腾讯最近是厉害，但是主动防御很差

管家要是有智量的主防和机学在配合管家的云端，我相信管家不管在国际还是我们中国可以直接第一阶梯队了！