【开放测试】卡饭病毒样本包 20240720 第148期

QVM360

警告：本主题中所包含的任何文件和附件都有危害你的计算机的可能，并且没有安全软件可以100%防护这些样本。
          对于下载样本或附件所导致的任何数据泄露、破坏，以及所产生的任何损失，本人和卡饭论坛不负任何责任。

样本下载：
https://mc163.lanzoue.com/iloG3252lade
SHA256: CDF05FF168EA1AB797B26B8D672BAE6A65BBAC0331F7D605C3B28DA4F9771C59


压缩包密码：infected

如果样本中包含.ps1文件(Powershell脚本)，则需要手动打开cmd.exe输入以下指令允许运行ps1脚本:

Powershell.exe Set-ExecutionPolicy Bypass

奖励/惩罚规则：
奖励规则：
1、上传扫描日志（把miss的样本的文件名一起发上来），+5经验。
2、上传双击结果，+15经验。
3、测试多款安全软件的，奖励累加。
惩罚规则：
1、占楼后2小时内未能给出测试结果的，视为灌水，按照论坛规定处理
2、其他违规行为，按照论坛相关规定处理。

注意：扫描/双击日志请以附件形式（压缩包）或图片上传，也可以 以1号字体放在回复中。         
          对于日志过长以至于影响会员刷帖/回帖体验的回复，管理人员有权进行屏蔽处理。

当前测试阶段：开放测试

----------------------------------------------------
往期测试样本包下载：
https://mc163.lanzoue.com/b0edaxo1g
密码:GkNO64bFD5bf

莒县小哥

WD杀35枚

hsks

360一扫

剩余双击（3个stop勒索估计能杀）
cd866b4aa47daf4efb5f4800b7972404a4dace852d2749ca11cf341ca63a368a.exe
就算kill all了（

孤勇者

卡巴斯基扫描kill32/36

a233

Avast扫描两遍31x（第二次无检出）

Miss：

日志：

双击：
13e4828dab5f4bb756b0344cf75aa170dfbb045e991a2ea02f040b1d2e32ef58.exe拦截链接

ANY.LNK

微软：还是剩一个


其余的：

1. 2024-07-20T10:49:32.864Z DETECTION Exploit:O97M/CVE-2017-11882.VRP!MTB file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\0ff8b68f49383b71e5fb908c161d32cde70e379e71ad370bafd8ea2c5542f5e0.rtf
   
2. 2024-07-20T10:49:33.008Z DETECTION Trojan:Win32/Stealc!pz file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\224cb722a3b940c564dd0f4e6347776a6ebd2ce4d1ce898cc16769a8ec079b1a.exe
   
3. 2024-07-20T10:49:33.529Z DETECTION Backdoor:MSIL/Quasar!atmn file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\30c381a042e571d4d749f7aff6e1b17d77100ad35368c9a67136c1b5436c79cb.exe
   
4. 2024-07-20T10:49:34.366Z DETECTION Trojan:Win32/Leonem file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\02834189b25bc0ac8a5c71ecf6ec7fdc15c85f12f1b1e57213ba2cd41cfe68d4.exe
   
5. 2024-07-20T10:49:35.203Z DETECTION Trojan:Win32/DCRat.MQ!MTB file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\201556005da4df20af6955b8858805f9ab003861a4898733263f7ad5c2b88606.exe
   
6. 2024-07-20T10:49:37.094Z DETECTION Trojan:Win32/Wacatac.B!ml file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\13e4828dab5f4bb756b0344cf75aa170dfbb045e991a2ea02f040b1d2e32ef58.exe
   
7. 2024-07-20T10:49:39.605Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\4ecc911f674fe3ed2fdd1df733f17160b3b23f1990c3bc3334155e48335943d3.exe
   
8. 2024-07-20T10:49:41.408Z DETECTION Trojan:Win32/PovertyStealer.RDA!MTB file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\19f9b64a4f4da1175928c66979e73379ea41fb3a9c6f1d795f615eecf357bf83.exe
   
9. 2024-07-20T10:49:42.146Z DETECTION PWS:MSIL/Stealer.DHC!MTB file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\60f9c3950d3dedef5264b6e2da9ac33d31bcbc94253cbae0197b051cbc3ed4fd.exe
   
10. 2024-07-20T10:49:42.188Z DETECTION Trojan:Win32/LummaStealer!MTB file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\8129223972fb532baa3fd67b5a20d3c4d12f3fe42d8a7547e38f75e3a52df37e.exe
    
11. 2024-07-20T10:49:42.498Z DETECTION Backdoor:MSIL/Quasar!atmn file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\7d21bbbcb3e0f709dd351c1edc4d52efae8da0edf341121c17a6cfb1a9ecc7b2.exe
    
12. 2024-07-20T10:49:43.095Z DETECTION PWS:MSIL/Mintluks!atmn file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\76721eceb65f67dff858add924fe10be2885200023c859bd3d3dddd53bd471b7.exe
    
13. 2024-07-20T10:49:45.477Z DETECTION Trojan:Win32/AutoInj.GZN!MTB file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\0e943aa3612dd99f9d64fc02290666ddc800c62fe3875421db07d6059c60c7ba.exe
    
14. 2024-07-20T10:49:45.519Z DETECTION Trojan:Win32/Seheq!rfn file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\8484560c1526ee2e313a2b57f52ea5b31edd05a0c9664bd7f60da020871bfe6f.exe
    
15. 2024-07-20T10:49:46.279Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\6b19c935d0afd202d7424d7cb7e355e4c04645721176eae6e5814b7760dca5a0.exe
    
16. 2024-07-20T10:49:46.315Z DETECTION Trojan:Win32/Redline.AMAN!MTB file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\a13c3863d0fdb36d18368500bd07167cd058d7b6fb511a9356b2cf99d14ccb48.exe
    
17. 2024-07-20T10:49:46.933Z DETECTION Trojan:MSIL/Redline.GZN!MTB file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\9b71f04338445c8cf893a8bf346eed488d13bf8729e9a4e52ec617bcc2adf324.exe
    
18. 2024-07-20T10:49:47.379Z DETECTION Trojan:Win32/Redline.MAE!MTB file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\a531cf5568b7ab1e70b269186601bedacd734851da989ac6d37771f1b0b87547.exe
    
19. 2024-07-20T10:49:48.135Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\8f8a2176880d870914390bb2b62a538a0491ae0fc353b3b845acec0dd3751794.exe
    
20. 2024-07-20T10:49:48.247Z DETECTION Trojan:Win32/Redline.MAE!MTB file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\ba82b9708925f266c292334bc5e20e963c6e20ce134f03f79892fd5c26e645f8.exe
    
21. 2024-07-20T10:49:48.313Z DETECTION Trojan:MSIL/Formbook.EE!MTB file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\b0fbced03f7d674295d8e2c6b4ee3c4894b1f2932b6c45c353e007f323e7e421.exe
    
22. 2024-07-20T10:49:49.848Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\812bacab45fe7007aca19cd563e789a04dc59040824a0d3a54f9b2fd173097dc.exe
    
23. 2024-07-20T10:49:50.751Z DETECTION Trojan:Win32/WinLNK.QLAA!MTB file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\d0775ec420a4938cbf1b2e9432677e08fcfbde6f424a8f7289e57e31f9334b74.lnk
    
24. 2024-07-20T10:49:51.935Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\cd866b4aa47daf4efb5f4800b7972404a4dace852d2749ca11cf341ca63a368a.exe
    
25. 2024-07-20T10:49:57.254Z DETECTION Trojan:Win32/Stealerc.GAB!MTB file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\a4e51ce0f2bcb0159ce826e68319a9387660406b965727c473d6603a2615daa7.exe
    
26. 2024-07-20T10:49:57.787Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\ee3a8b076aed6d3f4dd52056b6fbcf62455a9258600b8e520551df9305dfb9fa.exe
    
27. 2024-07-20T10:49:58.354Z DETECTION Trojan:Win32/Casdet!rfn file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\fa480b199885433840abe9d506ccf32fc75fc1dd771695cce2dcb4f438a98d00.exe
    
28. 2024-07-20T10:49:58.383Z DETECTION TrojanDropper:Win64/Convagent!pz file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\fa4da01ef3e3d6eca87a36ba135e9b2084461a68e975895bc57050f6ab472def.exe
    
29. 2024-07-20T10:49:59.210Z DETECTION Trojan:Win64/Donut!pz file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\f07d50c71f598073cd27d2f0ec6a6f2a7d1987ade4773cbb4b4cb8d99ba6c926.exe
    
30. 2024-07-20T10:49:59.712Z DETECTION TrojanSpy:Win32/Multiverze file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\e9dad06eb568f2e548e731525f9ae1e77e40449848f71e4201f6c6f4536415fe.exe
    
31. 2024-07-20T10:50:09.064Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\4b0f269efd1980ba9756c1d161e425fa41024e37ab85aa93119dbf9cb44d2fe6.exe
    
32. 2024-07-20T10:50:20.588Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\677e267b67c4d11df74cda41f59b44cd8169f1dcc5b2fb02dadadf4d4d3409fc.exe
    
33. 2024-07-20T10:50:32.352Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\881e0d77937dfe04295b394212e9004db0bbad441ed40fab38a8a48216020bf7.exe
    
34. 2024-07-20T10:51:09.611Z DETECTION Trojan:Win32/Convagent.QAA!MTB file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\68a2463b6158df3417d67dd62a36c2f24a6222f5470c4eed599eb88f6fc0c69f.exe
    
35. 2024-07-20T10:51:41.041Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\36x (2024-07-20)\1\c353239379a79b09a4a4dd594cb1dd338a46d0677bd9d43658be6bdb68cc5097.exe

复制代码

得，虚拟机没Java环境

biue

腾讯电脑管家 35X

aboringman

天守：33











双击

8f8a2176880d870914390bb2b62a538a0491ae0fc353b3b845acec0dd3751794.exe：这个在拉黑前我跑了一次，触发了内存攻击防护



不久之后可以被检测



剩下的两个均无拦截

123456aaaafsdeg

火绒6（ADV=ON）





双击：

dght432

hips阻止一个