【开放测试】卡饭病毒样本包 20240709 第140期

DisaPDB

Komeiji-Reimu 发表于 2024-7-9 16:45
卡巴斯基 扫描剩余6x
双击杀两个vbs

这个包很多样本都是注入后才有行为的，开核晶拦截后就没有后续操作了

UNknownOoo

X-Sec
扫描:20x

1. ---------------------
   
2. 2024/07/09 23:00:17 Threat Detected: C:\下载\27x\1\04684dfe5b251dd66125708589b7b21f3403ba7a624f4457b3fd95bbfbe4f6cc.js -- [rame-topis] Trojan.Agent/BAT!8.1161C
   
3. 2024/07/09 23:00:19 Threat Detected: C:\下载\27x\1\01b7eea92bb27df73a6972f00927ba3a5989771f90052297f4027fc33e804ffd.exe -- [rame-classic] Trojan.AntiVM!1.CF63
   
4. 2024/07/09 23:00:24 Threat Detected: C:\下载\27x\1\1b159fa01a8af6dc08e1e371203362f5a9ba4cf4128c3c234f1e53d492ee0eab.exe -- [rame-cloud] Trojan.Guloader!8.11961
   
5. 2024/07/09 23:00:25 Threat Detected: C:\下载\27x\1\04aea1458bbe0debfdc6cbd993d9d3ebf52e5742cac8d5ad53a44ac2c8010d12.exe -- [rame-cloud] Trojan.Injector/NSIS!8.1294D
   
6. 2024/07/09 23:00:25 Threat Detected: C:\下载\27x\1\1b5fbf0fffc028708def7f8b1510dd668da7abbd0d0f63b597669339005e33e0.exe -- [rame-cloud] Trojan.Convagent!8.12323
   
7. 2024/07/09 23:00:26 Threat Detected: C:\下载\27x\1\1d0bbe107346b8d5d1ed6bf86b4a5c561d426b4c06bb488b7fbbb8c93bfae9f2.exe -- [rame-classic] Trojan.Injector/Autoit!1.FD30
   
8. 2024/07/09 23:00:27 Threat Detected: C:\下载\27x\1\306f6928f04ff30ced95163cc97981ea9d0c4a51da496df9b1f44aeecc29e63f.vbs -- [rame-cloud] Trojan.SAgent/VBS!8.132D5
   
9. 2024/07/09 23:00:28 Threat Detected: C:\下载\27x\1\3d27f5ef39dec06f86331e298842bad015f9f0ee0c608e408c7d9b0daef210f6.exe -- [rame-classic] Backdoor.CobaltStrike/x64!1.E382
   
10. 2024/07/09 23:00:28 Threat Detected: C:\下载\27x\1\1b5a9c840d8932be77aa43135038742007e1e1ca5d9b8954966ddedb703a0ee4.exe -- [rame-cloud] Trojan.Generic!8.C3
    
11. 2024/07/09 23:00:29 Threat Detected: C:\下载\27x\1\510c31a30c94c1d46332356d8d4cf24171f3969c8d05e3dcecb492faa12fdc66.exe -- [rame-classic] Backdoor.AsyncRAT!1.C678
    
12. 2024/07/09 23:00:29 Threat Detected: C:\下载\27x\1\540496b0cde097cb083d1c501af7b0ed84c5e94922be37700bfa44c2090ecfbc.exe -- [rame-rdm.msil2] Malware.Obfus/MSIL@AI.89
    
13. 2024/07/09 23:00:31 Threat Detected: C:\下载\27x\1\8c415f6e9e4ddc4df9433b33035ee3c9750283cc9306cdf97d4f9b9df1036946.exe -- [rame-cloud] Stealer.Agent!8.C2
    
14. 2024/07/09 23:00:32 Threat Detected: C:\下载\27x\1\93ef803a0a6d30205faaee49199b47907fa378e2350016cc63088eeb9514931d.exe -- [rame-tfe] Trojan.Kryptik!8.8
    
15. 2024/07/09 23:00:33 Threat Detected: C:\下载\27x\1\95ff9b2516243fd104555cb9b3fa51b27adeba8f27a80c0f69f7918599938e27.exe -- [rame-rdm.msil2] Malware.Obfus/MSIL@AI.100
    
16. 2024/07/09 23:00:39 Threat Detected: C:\下载\27x\1\bb8b3acb02f86a5c9db1d935ee81c832330c8ff9d76971dd712737a6330947e6.exe -- [rame-classic] Trojan.AutoRun/SFX!1.FA4A
    
17. 2024/07/09 23:00:42 Threat Detected: C:\下载\27x\1\e4c4990451cfa8c8a75a65d68c8dc7efde67ba3cdca812636895f8488005da54.exe -- [rame-cloud] Backdoor.Androm!8.113
    
18. 2024/07/09 23:00:42 Threat Detected: C:\下载\27x\1\f6cbc49b4d78b007e50e81a36ad9fe723e8869350385dff56b02e6bbe0f886de.js -- [rame-topis] Trojan.Agent/BAT!8.1161C
    
19. 2024/07/09 23:00:42 Threat Detected: C:\下载\27x\1\f0c3e45b96e2fa1bcd7f39a9a80337314cc27ea3df30a90c594b43fa8487adc6.exe -- [rame-classic] Trojan.Injector!1.F43F
    
20. 2024/07/09 23:00:44 Threat Detected: C:\下载\27x\1\f71c34128bf5c4a4ecc05e5aa4fbd02740b96c4aaf075124f3a4e33f36c17c92.exe -- [rame-cloud] Trojan.Generic!8.C3
    
21. 2024/07/09 23:00:45 Threat Detected: C:\下载\27x\1\e33fda9ea628ee0efe54b54a20a9e6aff7cd64d293f3b67c71f11d3035c17764.vbs -- [rame-cloud] Trojan.SAgent/VBS!8.132D5

复制代码

莒县小哥

ANY.LNK 发表于 2024-7-9 17:54
微软
解压24x，扫描3x，清空

总算找到个能显示完整日志的工具了

大佬，可否分享一下

aboringman

火绒6.0（开高启）：21

1. 风险路径：D:\测试\27x (2024-07-09)\1\3d27f5ef39dec06f86331e298842bad015f9f0ee0c608e408c7d9b0daef210f6.exe, 病毒名：Backdoor/CobaltStrike.d, 病毒ID：9c6caf6b7979d2d0, 处理结果：已处理，删除文件
   
2. 风险路径：D:\测试\27x (2024-07-09)\1\510c31a30c94c1d46332356d8d4cf24171f3969c8d05e3dcecb492faa12fdc66.exe, 病毒名：Backdoor/MSIL.DcRat.a, 病毒ID：eb06897b83bd81bd, 处理结果：已处理，删除文件
   
3. 风险路径：D:\测试\27x (2024-07-09)\1\1b159fa01a8af6dc08e1e371203362f5a9ba4cf4128c3c234f1e53d492ee0eab.exe >> [NSIS].nsi, 病毒名：Trojan/Injector.blu, 病毒ID：ed46968bd0d5d9e2, 处理结果：已处理，删除文件
   
4. 风险路径：D:\测试\27x (2024-07-09)\1\306f6928f04ff30ced95163cc97981ea9d0c4a51da496df9b1f44aeecc29e63f.vbs, 病毒名：ADV:Trojan/VBS.Generic!meteor, 病毒ID：f096cb238b54ca13, 处理结果：已处理，删除文件
   
5. 风险路径：D:\测试\27x (2024-07-09)\1\04aea1458bbe0debfdc6cbd993d9d3ebf52e5742cac8d5ad53a44ac2c8010d12.exe >> [NSIS].nsi, 病毒名：Trojan/Injector.blu, 病毒ID：ed46968bd0d5d9e2, 处理结果：已处理，删除文件
   
6. 风险路径：D:\测试\27x (2024-07-09)\1\540496b0cde097cb083d1c501af7b0ed84c5e94922be37700bfa44c2090ecfbc.exe, 病毒名：ADV:VirTool/MSIL.Obfuscator!meteor, 病毒ID：9b3fa4092c57ea79, 处理结果：已处理，删除文件
   
7. 风险路径：D:\测试\27x (2024-07-09)\1\e33fda9ea628ee0efe54b54a20a9e6aff7cd64d293f3b67c71f11d3035c17764.vbs, 病毒名：ADV:Trojan/VBS.Generic!meteor, 病毒ID：f096cb238b54ca13, 处理结果：已处理，删除文件
   
8. 风险路径：D:\测试\27x (2024-07-09)\1\95ff9b2516243fd104555cb9b3fa51b27adeba8f27a80c0f69f7918599938e27.exe, 病毒名：ADV:VirTool/MSIL.Obfuscator!meteor, 病毒ID：9b3fa4092c57ea79, 处理结果：已处理，删除文件
   
9. 风险路径：D:\测试\27x (2024-07-09)\1\de8a9c273adc8bd2c615a7e09c87cb8b9cfc38ef6317bfa435b4a3474f1b670f.exe, 病毒名：ADV:TrojanSpy/MSIL.Stealer!meteor, 病毒ID：4a7ffd6cc7dd1ce4, 处理结果：已处理，删除文件
   
10. 风险路径：D:\测试\27x (2024-07-09)\1\93ef803a0a6d30205faaee49199b47907fa378e2350016cc63088eeb9514931d.exe, 病毒名：HEUR:Trojan/Injector.an, 病毒ID：8fc1cd07c0df3ba2, 处理结果：已处理，删除文件
    
11. 风险路径：D:\测试\27x (2024-07-09)\1\e4c4990451cfa8c8a75a65d68c8dc7efde67ba3cdca812636895f8488005da54.exe, 病毒名：ADV:VirTool/MSIL.Obfuscator!meteor, 病毒ID：9b3fa4092c57ea79, 处理结果：已处理，删除文件
    
12. 风险路径：D:\测试\27x (2024-07-09)\1\bb8b3acb02f86a5c9db1d935ee81c832330c8ff9d76971dd712737a6330947e6.exe, 病毒名：ADV:TrojanDropper/Generic!meteor, 病毒ID：2aa2a79c868ffab1, 处理结果：已处理，删除文件
    
13. 风险路径：D:\测试\27x (2024-07-09)\1\1b5a9c840d8932be77aa43135038742007e1e1ca5d9b8954966ddedb703a0ee4.exe, 病毒名：HEUR:Trojan/Injector.an, 病毒ID：8fc1cd07c0df3ba2, 处理结果：已处理，删除文件
    
14. 风险路径：D:\测试\27x (2024-07-09)\1\b116c1e0f92dca485565d5f7f3b572d7f01724062320597733b9dbf6dd84dee1.exe, 病毒名：ADV:Virus/W64.Generic!meteor, 病毒ID：4557085bba3293b0, 处理结果：已处理，删除文件
    
15. 风险路径：D:\测试\27x (2024-07-09)\1\01b7eea92bb27df73a6972f00927ba3a5989771f90052297f4027fc33e804ffd.exe, 病毒名：Backdoor/MSIL.DcRat.a, 病毒ID：eb06897b83bd81bd, 处理结果：已处理，删除文件
    
16. 风险路径：D:\测试\27x (2024-07-09)\1\f71c34128bf5c4a4ecc05e5aa4fbd02740b96c4aaf075124f3a4e33f36c17c92.exe, 病毒名：ADV:TrojanSpy/MSIL.Stealer!meteor, 病毒ID：4a7ffd6cc7dd1ce4, 处理结果：已处理，删除文件
    
17. 风险路径：D:\测试\27x (2024-07-09)\1\d4db39743a54bacc03cdb4d4d772000823f099febea271a44d40631cc01a2a0c.exe, 病毒名：ADV:VirTool/MSIL.Obfuscator!meteor, 病毒ID：9b3fa4092c57ea79, 处理结果：已处理，删除文件
    
18. 风险路径：D:\测试\27x (2024-07-09)\1\f0c3e45b96e2fa1bcd7f39a9a80337314cc27ea3df30a90c594b43fa8487adc6.exe, 病毒名：Trojan/Injector.biz, 病毒ID：9174874ed7d6b025, 处理结果：已处理，删除文件
    
19. 风险路径：D:\测试\27x (2024-07-09)\1\1d0bbe107346b8d5d1ed6bf86b4a5c561d426b4c06bb488b7fbbb8c93bfae9f2.exe, 病毒名：ADV:TrojanDownloader/Generic!meteor, 病毒ID：a540286dfdaab915, 处理结果：已处理，删除文件
    
20. 风险路径：D:\测试\27x (2024-07-09)\1\1b5fbf0fffc028708def7f8b1510dd668da7abbd0d0f63b597669339005e33e0.exe, 病毒名：ADV:VirTool/Obfuscator!meteor, 病毒ID：b6b4d4a297409986, 处理结果：已处理，删除文件
    
21. 风险路径：D:\测试\27x (2024-07-09)\1\5e2839553458547a92fff7348862063b30510e805a550e02d94a89bd8fd0768d.exe, 病毒名：ADV:Virus/W64.Generic!meteor, 病毒ID：4557085bba3293b0, 处理结果：已处理，删除文件

复制代码

haol

Emsisoft found 19 threats as below
1\04684dfe5b251dd66125708589b7b21f3403ba7a624f4457b3fd95bbfbe4f6cc.js -> (INFECTED_JS)         detected: JS:Trojan.Cryxos.13469 (B)
1\04684dfe5b251dd66125708589b7b21f3403ba7a624f4457b3fd95bbfbe4f6cc.js:Zone.Identifier -> (BASE64)
1\04aea1458bbe0debfdc6cbd993d9d3ebf52e5742cac8d5ad53a44ac2c8010d12.exe:Zone.Identifier -> (BASE64)
1\050e979722f8a3be5a07806d3ebbbac067ff293ed225faff452aa6145ef21c96.exe
1\1b5a9c840d8932be77aa43135038742007e1e1ca5d9b8954966ddedb703a0ee4.exe:Zone.Identifier -> (BASE64)
1\04aea1458bbe0debfdc6cbd993d9d3ebf52e5742cac8d5ad53a44ac2c8010d12.exe -> (NSIS o) -> Rbdiges98.Ton192
1\04aea1458bbe0debfdc6cbd993d9d3ebf52e5742cac8d5ad53a44ac2c8010d12.exe -> (NSIS o) -> lzma_nsis0000         detected: Gen:Variant.Nemesis.35181 (B)
1\d4db39743a54bacc03cdb4d4d772000823f099febea271a44d40631cc01a2a0c.exe:Zone.Identifier -> (BASE64)
1\de8a9c273adc8bd2c615a7e09c87cb8b9cfc38ef6317bfa435b4a3474f1b670f.exe:Zone.Identifier -> (BASE64)
1\e4c4990451cfa8c8a75a65d68c8dc7efde67ba3cdca812636895f8488005da54.exe:Zone.Identifier -> (BASE64)
1\bb8b3acb02f86a5c9db1d935ee81c832330c8ff9d76971dd712737a6330947e6.exe -> (RAR Sfx o) -> (REMOVED_NULLS) -> (SCRENC)
1\bb8b3acb02f86a5c9db1d935ee81c832330c8ff9d76971dd712737a6330947e6.exe -> (RAR Sfx o) -> providerbrokerSvc.exe         detected: Trojan.MSIL.Basic.8.Gen (B)
1\bb8b3acb02f86a5c9db1d935ee81c832330c8ff9d76971dd712737a6330947e6.exe -> (Embedded 0)         detected: Trojan.MSIL.Basic.8.Gen (B)
1\f6cbc49b4d78b007e50e81a36ad9fe723e8869350385dff56b02e6bbe0f886de.js -> (INFECTED_JS)         detected: JS:Trojan.Cryxos.13469 (B)
1\f71c34128bf5c4a4ecc05e5aa4fbd02740b96c4aaf075124f3a4e33f36c17c92.exe:Zone.Identifier -> (BASE64)
27x (2024-07-09).zip:Zone.Identifier -> (BASE64)
1\050e979722f8a3be5a07806d3ebbbac067ff293ed225faff452aa6145ef21c96.exe         detected: Gen:Variant.Marsilia.110224 (B)
1\1b159fa01a8af6dc08e1e371203362f5a9ba4cf4128c3c234f1e53d492ee0eab.exe         detected: Trojan.GenericKD.73405068 (B)
1\1b5a9c840d8932be77aa43135038742007e1e1ca5d9b8954966ddedb703a0ee4.exe         detected: Gen:Variant.Lazy.549022 (B)
1\f0c3e45b96e2fa1bcd7f39a9a80337314cc27ea3df30a90c594b43fa8487adc6.exe
1\01b7eea92bb27df73a6972f00927ba3a5989771f90052297f4027fc33e804ffd.exe         detected: IL:Trojan.MSILZilla.81201 (B)
1\306f6928f04ff30ced95163cc97981ea9d0c4a51da496df9b1f44aeecc29e63f.vbs         detected: Trojan.GenericKD.73402735 (B)
1\510c31a30c94c1d46332356d8d4cf24171f3969c8d05e3dcecb492faa12fdc66.exe         detected: Trojan.GenericKDZ.102657 (B)
1\3d27f5ef39dec06f86331e298842bad015f9f0ee0c608e408c7d9b0daef210f6.exe         detected: Gen:Variant.Bulz.262606 (B)
1\540496b0cde097cb083d1c501af7b0ed84c5e94922be37700bfa44c2090ecfbc.exe         detected: Gen:Variant.Lazy.487114 (B)
1\8c415f6e9e4ddc4df9433b33035ee3c9750283cc9306cdf97d4f9b9df1036946.exe         detected: Trojan.GenericKD.73402377 (B)
1\93ef803a0a6d30205faaee49199b47907fa378e2350016cc63088eeb9514931d.exe         detected: Gen:Variant.Lazy.550625 (B)
1\de8a9c273adc8bd2c615a7e09c87cb8b9cfc38ef6317bfa435b4a3474f1b670f.exe         detected: Gen:Variant.Barys.412544 (B)
1\e33fda9ea628ee0efe54b54a20a9e6aff7cd64d293f3b67c71f11d3035c17764.vbs         detected: Trojan.GenericKD.73401111 (B)
1\d4db39743a54bacc03cdb4d4d772000823f099febea271a44d40631cc01a2a0c.exe         detected: Gen:Variant.Lazy.548203 (B)
1\f71c34128bf5c4a4ecc05e5aa4fbd02740b96c4aaf075124f3a4e33f36c17c92.exe         detected: Trojan.GenericKD.73407265 (B)

ANY.LNK

莒县小哥 发表于 2024-7-9 23:06
大佬，可否分享一下

WinDefLogViewer， NirSoft，可以自己搜到

maybug

McAfee  怎么没扫出来

aboringman

maybug 发表于 2024-7-10 07:00
McAfee  怎么没扫出来

你得解压出来再扫里面的内容啊，直接扫描加密压缩包当然扫不出来了（

maybug

aboringman 发表于 2024-7-10 09:13
你得解压出来再扫里面的内容啊，直接扫描加密压缩包当然扫不出来了（

解压会不会病毒就生效了

aboringman

maybug 发表于 2024-7-10 09:24
解压会不会病毒就生效了

一般是不会的，你要是害怕误击的话，单独给创个专门测试的文件夹，然后东西放里面，右键把压缩包里的内容解压到一个新的文件夹里，然后再对着这个文件夹扫描就是了，完事之后直接一整个删掉，也不用点进去看。

*当然最保险就是扔虚拟机里面，自己装个系统和杀软，所有的操作都在虚拟机里进行。