Phishing download sites spread the "游蛇" (Youshe) threat: malicious installers conceal a remote-control trojan | CTF导航
Tags: (none)

Common Information
Type | Value
UUID | 420bb94b-5492-4671-b7b0-09aeaed7679d
Fingerprint | 2aa6a10c546bc834
Analysis status | DONE
Considered CTI value | -2
Text language | (blank)
Published | Dec. 8, 2024, midnight
Added to db | Dec. 21, 2024, 4:27 a.m.
Last updated | Dec. 21, 2024, 4:27 a.m.
Headline | Phishing download sites spread the "游蛇" (Youshe) threat: malicious installers conceal a remote-control trojan (original: 钓鱼下载网站传播“游蛇”威胁,恶意安装程序暗藏远控木马)
Title | Phishing download sites spread the "游蛇" (Youshe) threat: malicious installers conceal a remote-control trojan | CTF导航
Detected Hints/Tags/Attributes | 2/0/22
Source URLs
RSS Feed
Id | Enabled | Feed title | Url | Added to db
426 | | CTF导航 | https://www.ctfiot.com/feed | 2024-08-30 22:08
Attributes
Type | #Events | Value (as extracted) | Reading / translation
File | 1 | 在内存中执行嵌入其中的1.dll | sentence fragment extracted as a file name: "executes the embedded 1.dll in memory"
File | 39 | 1.dll | DLL embedded in the installer and run in memory
File | 1 | 将恶意程序复制到该文件夹中命名为svchos1.exe | fragment: "copies the malicious program into that folder under the name svchos1.exe"
File | 1 | 第一段shellcode在内存中释放执行rpctsch.dll | fragment: "the first stage of shellcode drops and runs rpctsch.dll in memory"
File | 1 | 第二段shellcode在内存中释放执行dll1.dll | fragment: "the second stage of shellcode drops and runs dll1.dll in memory"
File | 1 | programdata9.ini | path with separators lost in extraction: 9.ini under ProgramData
File | 1 | aaa安装9.exe | installer file name (安装 = "install")
File | 1 | userspublicdocumentsmmsvchos1.exe | path with separators lost in extraction: svchos1.exe under Users\Public\Documents\mm (note the lookalike of svchost.exe)
File | 1 | 并命名为svchos1.exe | fragment: "and names it svchos1.exe"
File | 1 | 分别从指定url处下载4.txt | fragment: "downloads 4.txt from the specified URL" (continues in the next row)
File | 1 | 和7.txt | fragment: "and 7.txt"
File | 1 | rpctsch.dll | first-stage in-memory payload
File | 6 | dll1.dll | second-stage in-memory payload
File | 1 | drivestop.ini | separators lost in extraction; read here as stop.ini at a drive root ("drive" taken as a drive-letter placeholder)
File | 1 | 将符合条件的剪贴板内容保存至stop.ini | fragment: "saves clipboard contents that match the criteria to stop.ini"
File | 1 | drivedesktop.ini | separators lost in extraction; read here as desktop.ini at a drive root
File | 1 | 将符合条件的剪贴板内容保存至desktop.ini | fragment: "saves clipboard contents that match the criteria to desktop.ini"
File | 1 | drivemark.sys | separators lost in extraction; read here as mark.sys at a drive root
File | 1 | programdata中创建9.ini | fragment: "creates 9.ini in ProgramData"
Pdb | 1 | userszzdesktoprpctschreleaserpctsch.pdb | compiler PDB path for rpctsch.dll, separators lost in extraction (reads as Users\zz\Desktop\rpctsch\Release\rpctsch.pdb)
Pdb | 1 | userszzdesktop截图releasedll1.pdb | compiler PDB path for dll1.dll, separators lost in extraction (reads as Users\zz\Desktop\截图\Release\dll1.pdb; 截图 = "screenshot")
Url | 2 | https://vs2.antiy.cn
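The attribute rows above are the file-system indicators this entry carries, and several of them reached the database with their path separators stripped ("userspublicdocumentsmmsvchos1.exe", "programdata9.ini", "drivestop.ini"). The following hunting helper is an added example written by the editor; it is not code from the Antiy / CTF导航 article. Instead of guessing where the separators belong, it canonicalises every observed path the same way (lower-cased, drive letter and separators removed) and compares it with the indicator as extracted, so the indicators can be used verbatim. Assumptions: the "drive" prefix on "drivestop.ini", "drivedesktop.ini" and "drivemark.sys" is taken to mean a file at the root of a drive; the sample paths and the fake CodeView records (including where the PDB path separators sit) are constructed for the example.

```python
"""Hunt for the file artifacts this entry lists, in observed paths and binaries.

Editor's example, not code from the article. Indicators are copied from the
page as extracted (separators missing); observed paths are canonicalised the
same way before comparison. Assumption: a leading "drive" in an indicator means
a file at the root of some drive. All sample inputs below are constructed.
"""
import re
from typing import Dict, Iterable, List, Tuple

# kind "path": separator-stripped path, matched as a suffix of the canonical path
# kind "root": file at the root of a drive (page value had a "drive" prefix)
# kind "name": bare file name, matched against the exact basename
IOCS: List[Tuple[str, str, str]] = [
    ("path", "userspublicdocumentsmmsvchos1.exe", "malicious program copied as svchos1.exe"),
    ("path", "programdata9.ini", "9.ini created in ProgramData"),
    ("root", "stop.ini", "filtered clipboard contents saved to stop.ini"),
    ("root", "desktop.ini", "filtered clipboard contents saved to desktop.ini"),
    ("root", "mark.sys", "mark.sys at a drive root"),
    ("name", "aaa安装9.exe", "malicious installer"),
    ("name", "1.dll", "DLL embedded in the installer, run in memory"),
    ("name", "rpctsch.dll", "first-stage shellcode payload"),
    ("name", "dll1.dll", "second-stage shellcode payload"),
    ("name", "4.txt", "downloaded from the attacker URL"),
    ("name", "7.txt", "downloaded from the attacker URL"),
]

# PDB paths the page lists for rpctsch.dll and dll1.dll (also separator-stripped)
PDB_IOCS = [
    "userszzdesktoprpctschreleaserpctsch.pdb",
    "userszzdesktop截图releasedll1.pdb",
]

_DRIVE = re.compile(r"^[a-z]:")
_SEP = re.compile(r"[\\/]+")
# a printable run ending in ".pdb"; control bytes in the CodeView record delimit it
_PDB = re.compile(r'[^\x00-\x1f"<>|*?]{4,}?\.pdb', re.IGNORECASE)


def canonical(path: str) -> str:
    """Lower-case, drop a leading drive letter and every path separator."""
    p = path.strip().strip('"').lower()
    return _SEP.sub("", _DRIVE.sub("", p))


def basename(path: str) -> str:
    return _SEP.split(path.strip().strip('"').lower())[-1]


def match_path(path: str) -> List[Tuple[str, str]]:
    """Indicators (value, note) that an observed file path matches."""
    canon, base = canonical(path), basename(path)
    hits = []
    for kind, value, note in IOCS:
        if ((kind == "path" and canon.endswith(value))
                or (kind == "root" and canon == value)
                or (kind == "name" and base == value)):
            hits.append((value, note))
    return hits


def hunt(paths: Iterable[str]) -> Dict[str, List[Tuple[str, str]]]:
    """Map each suspicious path to its matching indicators; clean paths are omitted."""
    result = {}
    for p in paths:
        hits = match_path(p)
        if hits:
            result[p] = hits
    return result


def match_pdb(blob: bytes) -> List[str]:
    """PDB indicators whose path appears in a binary (tries UTF-8 and GBK text)."""
    found = set()
    for enc in ("utf-8", "gbk"):
        text = blob.decode(enc, errors="ignore")
        for m in _PDB.finditer(text):
            c = canonical(m.group(0))
            found.update(ioc for ioc in PDB_IOCS if c.endswith(ioc))
    return sorted(found)


# Constructed sample inputs (not taken from the article)
SAMPLE_PATHS = [
    r"C:\Users\Public\Documents\mm\svchos1.exe",
    r"C:\ProgramData\9.ini",
    r"D:\stop.ini",
    r"C:\Users\alice\Desktop\desktop.ini",   # benign: desktop.ini not at a drive root
    r"C:\Windows\System32\svchost.exe",      # benign: the real service host
    r"C:\Users\alice\Downloads\aaa安装9.exe",
]
# Fake CodeView "RSDS" records: magic, 16-byte GUID, 4-byte age, NUL-terminated path.
# Separator placement in these paths is our assumption; the second is GBK-encoded.
SAMPLE_BINARY = (
    b"\x00RSDS" + b"\x11" * 16 + b"\x01\x00\x00\x00"
    + rb"C:\Users\zz\Desktop\rpctsch\Release\rpctsch.pdb" + b"\x00"
    + b"\x00RSDS" + b"\x22" * 16 + b"\x01\x00\x00\x00"
    + "C:\\Users\\zz\\Desktop\\截图\\Release\\dll1.pdb".encode("gbk") + b"\x00"
)

if __name__ == "__main__":
    for path, hits in hunt(SAMPLE_PATHS).items():
        print(path, "->", [v for v, _ in hits])
    print("PDB:", match_pdb(SAMPLE_BINARY))
```

Because the comparison is done on the separator-free form, a path such as `C:\Users\alice\Desktop\desktop.ini` does not trip the "desktop.ini at a drive root" indicator, while `D:\stop.ini` does; the PDB check decodes the binary as both UTF-8 and GBK so the 截图 component survives whichever code page the build machine used.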