样本1X VT2/71

显示全部楼层 · 发表于前天 16:52

https://pan.huang1111.cn/s/oX4aVT8
5c427222494a1f9e3509412712f9cfa643a4c2b3f7dc83998bae0c31f41c84a5

显示全部楼层 · 发表于前天 17:01

迈克菲扫描 miss

显示全部楼层 · 发表于前天 17:07

火绒入库

显示全部楼层 · 发表于前天 17:07

本帖最后由莒县小哥于 2025-6-25 17:32 编辑

MD

显示全部楼层 · 发表于前天 17:33

AhnLab 触发上传分析但是未识别（）

显示全部楼层 · 发表于前天 17:35

本帖最后由 Fadouse 于 2025-6-25 17:46 编辑

Joesandbox报APT37说是

Dropped file: MD5: ac6ad5d9b99757c3a878f2d275ace198 Family: APT37 Alias: Reaper group, Geumseong121, Group 123, Scarcruft, APT-S-008, Red Eyes, TEMP.Reaper, Ricochet Chollima, sun team, APT37 Description: APT37 is a suspected North Korean cyber espionage group that has been in operation since at least 2012. Their targets are primarily located in South Korea, but also Japan, Vietnam, Russia, China, India, and some of the countries in the Middle East. A wider range of industries are affected, including chemicals, electronics, manufacturing, aerospace, automotive and healthcare entities References: https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf https://securelist.com/operation-daybreak/75100/https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/Data Source: https://github.com/RedDrip7/APT_Digital_Weapon

复制代码

S1 + ES双击Kill

显示全部楼层 · 发表于前天 17:36

扫描杀

显示全部楼层 · 发表于前天 18:35

MD 扫描 Trojan:Win32/Sonbokli.A!cl

显示全部楼层 · 发表于前天 19:42

显示全部楼层 · 发表于前天 19:47

emsi

2025/6/25 19:45:27
行为监控检测可疑行为 "HiddenInstallation" 来自于 C:\Users\user000\AppData\Local\Temp\is-83GJV.tmp\setup1.tmp (SHA1: FF7EC1F605280CCFA2CA52848080EB5C22A0024D)

复制代码

[病毒样本] 样本1X VT2/71