Phishing download sites spread the "游蛇" threat; malicious installers conceal a remote-control trojan | CTF导航
Tags
Common Information
Type | Value |
---|---|
UUID | 420bb94b-5492-4671-b7b0-09aeaed7679d |
Fingerprint | 2aa6a10c546bc834 |
Analysis status | DONE |
Considered CTI value | -2 |
Text language | |
Published | Dec. 8, 2024, midnight |
Added to db | Dec. 21, 2024, 4:27 a.m. |
Last updated | Dec. 21, 2024, 4:27 a.m. |
Headline | Phishing download sites spread the "游蛇" threat; malicious installers conceal a remote-control trojan |
Title | Phishing download sites spread the "游蛇" threat; malicious installers conceal a remote-control trojan | CTF导航 |
Detected Hints/Tags/Attributes | 2/0/22 |
Source URLs
Redirection | Url |
---|---|
Source | https://www.ctfiot.com/220713.html |
URL Provider
RSS Feed
Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|
426 | ✔ | CTF导航 | https://www.ctfiot.com/feed | 2024-08-30 22:08 |
Attributes
Type | #Events | CTI | Value |
---|---|---|---|
File | 1 | | executes the embedded 1.dll in memory |
File | 39 | | 1.dll |
File | 1 | | copies the malicious program into that folder under the name svchos1.exe |
File | 1 | | the first shellcode stage drops and executes rpctsch.dll in memory |
File | 1 | | the second shellcode stage drops and executes dll1.dll in memory |
File | 1 | | programdata9.ini |
File | 1 | | aaa安装9.exe |
File | 1 | | userspublicdocumentsmmsvchos1.exe |
File | 1 | | and named svchos1.exe |
File | 1 | | downloads 4.txt from its specified URL |
File | 1 | | and 7.txt |
File | 1 | | rpctsch.dll |
File | 6 | | dll1.dll |
File | 1 | | drivestop.ini |
File | 1 | | saves qualifying clipboard contents to stop.ini |
File | 1 | | drivedesktop.ini |
File | 1 | | saves qualifying clipboard contents to desktop.ini |
File | 1 | | drivemark.sys |
File | 1 | | creates 9.ini in programdata |
Pdb | 1 | | userszzdesktoprpctschreleaserpctsch.pdb |
Pdb | 1 | | userszzdesktop截图releasedll1.pdb |
Url | 2 | | https://vs2.antiy.cn |