Views: 304 | Replies: 7

[Virus Sample] C2 Stager1X found in the sandbox directory

tony099
Posted yesterday 21:50
This post was last edited by tony099 on 2025-12-19 22:05

VT: 44/72   https://www.virustotal.com/gui/f ... f4bb58182/detection

Creation Time
2025-12-09 11:59:43 UTC

First Submission
2025-12-16 19:10:37 UTC

Last Submission
2025-12-19 13:45:08 UTC

Last Analysis
2025-12-19 08:31:32 UTC


Link: 米店不卖大米 shared [ConfigChase.zip] via QQ Flash Transfer
https://qfile.qq.com/q/SDq03z8tGe
22222221
Posted yesterday 21:58
HMPA kill
Mitigation   C2Interceptor
SubType      Stager
Tag          SigDynamicAPI
Timestamp    2025-12-19T13:56:30

Platform     10.0.19045/x64 v2019 af_50
PID          688
Feature      00FD2E70000002A2
Application  C:\Users\Administrator\Desktop\ConfigChase.exe
Created      2025-12-19T13:56:28
Description  ConfigChase.exe


**** Looks like a stager ****

Stack Trace
#  Address          Module                   Location
-- ---------------- ------------------------ ----------------------------------------
1  000002BEC66D0126 (anonymous; ConfigChase.exe)
                    eb59                     JMP          0x2bec66d0181

2  000002BEC66D036A (anonymous; ConfigChase.exe)

Loaded Modules (36)
-----------------------------------------------------------------------------

Process Trace
1  C:\Users\Administrator\Desktop\ConfigChase.exe [688]
2  C:\Windows\explorer.exe [3460]

Dropped Files
1  C:\Users\Administrator\Desktop\Victorâ
asdfnbbj
Posted yesterday 22:26
360 scan flags it as malicious.
GDHJDSYDH
Posted yesterday 23:26
Avira (红伞) kills it.
superLYT
Posted yesterday 23:40
EIS does not detect it on extraction and does not detect it on double-click. That said, VT is already a sea of red; how come ESET still hasn't reacted?
LingGao
Posted yesterday 23:58
Microsoft Defender

“ConfigChase.exe”
Trojan:Win32/Znyonm!rfn

啊松
Posted half an hour ago

jxfaiu
Posted 28 minutes ago
Killed instantly on extraction.

