“师傅”网银木马技术分析与防护方案 – 绿盟科技技术博客
Tags
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Software - T1592.002 Rundll32 - T1085 |
Common Information
| Type | Value |
|---|---|
| UUID | ad9cb0c9-418f-41b5-8e60-58fde665738e |
| Fingerprint | 96a7fd5effe26a56 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 1, 2017, 6:31 p.m. |
| Added to db | Jan. 18, 2023, 7:37 p.m. |
| Last updated | Nov. 17, 2024, 10:40 p.m. |
| Headline | “师傅”网银木马技术分析与防护方案 |
| Title | “师傅”网银木马技术分析与防护方案 – 绿盟科技技术博客 |
| Detected Hints/Tags/Attributes | 24/1/102 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 9 | cve-2016-0167 |
|
| Details | Domain | 372 | wscript.shell |
|
| Details | Domain | 1 | mxakulvhjn.run |
|
| Details | Domain | 6 | cloud.nsfocus.com |
|
| Details | Domain | 12 | download.windowsupdate.com |
|
| Details | Domain | 46 | vk.com |
|
| Details | Domain | 119 | yandex.ru |
|
| Details | File | 115 | win32k.sys |
|
| Details | File | 1 | 通过注入svchost.exe |
|
| Details | File | 1 | 比如vmtoolsd.exe |
|
| Details | File | 74 | vmtoolsd.exe |
|
| Details | File | 28 | vmwaretray.exe |
|
| Details | File | 14 | vmusrvc.exe |
|
| Details | File | 14 | vmsrvc.exe |
|
| Details | File | 44 | vboxtray.exe |
|
| Details | File | 30 | dumpcap.exe |
|
| Details | File | 40 | ollydbg.exe |
|
| Details | File | 11 | importrec.exe |
|
| Details | File | 14 | petools.exe |
|
| Details | File | 11 | idag.exe |
|
| Details | File | 13 | sysanalyzer.exe |
|
| Details | File | 11 | sniff_hit.exe |
|
| Details | File | 3 | scktool.exe |
|
| Details | File | 8 | proc_analyzer.exe |
|
| Details | File | 5 | hookexplorer.exe |
|
| Details | File | 2 | multi_pot.exe |
|
| Details | File | 17 | idaq.exe |
|
| Details | File | 74 | procmon.exe |
|
| Details | File | 22 | regmon.exe |
|
| Details | File | 64 | procexp.exe |
|
| Details | File | 9 | peid.exe |
|
| Details | File | 30 | autoruns.exe |
|
| Details | File | 15 | autorunsc.exe |
|
| Details | File | 4 | imul.exe |
|
| Details | File | 4 | emul.exe |
|
| Details | File | 4 | apispy.exe |
|
| Details | File | 3 | hookanaapp.exe |
|
| Details | File | 6 | fortitracer.exe |
|
| Details | File | 19 | joeboxserver.exe |
|
| Details | File | 19 | joeboxcontrol.exe |
|
| Details | File | 1 | c:\sample\pos.exe |
|
| Details | File | 1 | 则获取kernel32.dll |
|
| Details | File | 41 | sample.exe |
|
| Details | File | 1 | c:\analysis\sandboxstarter.exe |
|
| Details | File | 3 | c:\windows\system32\drivers\vmmouse.sys |
|
| Details | File | 3 | c:\windows\system32\drivers\vmhgfs.sys |
|
| Details | File | 3 | c:\windows\system32\drivers\vboxmouse.sys |
|
| Details | File | 3 | c:\popupkiller.exe |
|
| Details | File | 2 | c:\tools\execute.exe |
|
| Details | File | 65 | python.exe |
|
| Details | File | 27 | pythonw.exe |
|
| Details | File | 8 | perl.exe |
|
| Details | File | 29 | autoit3.exe |
|
| Details | File | 1 | c:\programdata\3e7205a8.exe |
|
| Details | File | 1 | c:\users\hello\pudf5f0.tmp |
|
| Details | File | 1 | 则创建一个挂起的wuauclt.exe |
|
| Details | File | 1 | 否则就创建一个svchost.exe |
|
| Details | File | 92 | c:\windows\system32\svchost.exe |
|
| Details | File | 1 | 442843c9.exe |
|
| Details | File | 1 | 在开始菜单中创建common.js |
|
| Details | File | 229 | advapi32.dll |
|
| Details | File | 130 | ws2_32.dll |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 185 | shell32.dll |
|
| Details | File | 1 | sophos.bat |
|
| Details | File | 1 | debug_file.txt |
|
| Details | File | 37 | dnsapi.dll |
|
| Details | File | 1 | dnsgetcachedatatable.dll |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 533 | ntdll.dll |
|
| Details | File | 9 | null.sys |
|
| Details | File | 3 | srclient.dll |
|
| Details | File | 1 | run%s.dat |
|
| Details | File | 1 | c:\\sample\\pos.exe |
|
| Details | File | 1 | c:\\analysis\\sandboxstarter.exe |
|
| Details | File | 1 | c:\\analysis c:\\insidetm c:\\windows\\system32\\drivers\\vmmouse.sys |
|
| Details | File | 2 | c:\\windows\\system32\\drivers\\vmhgfs.sys |
|
| Details | File | 2 | c:\\windows\\system32\\drivers\\vboxmouse.sys |
|
| Details | File | 1 | c:\\idefense c:\\popupkiller.exe |
|
| Details | File | 1 | c:\\tools\\execute.exe |
|
| Details | File | 1 | c:\\perl c:\\python27 api_log.dll |
|
| Details | File | 19 | dir_watch.dll |
|
| Details | File | 18 | pstorec.dll |
|
| Details | File | 54 | dbghelp.dll |
|
| Details | File | 2126 | cmd.exe |
|
| Details | File | 1 | comspecconsolewindowclass.exe |
|
| Details | File | 1 | %windir%\\system32\\sdbinst.exe |
|
| Details | File | 1 | %windir%\\system32\\sndvol.exe |
|
| Details | File | 1 | syssndvol.exe |
|
| Details | File | 1 | %u.tmp |
|
| Details | File | 21 | runas.exe |
|
| Details | File | 5 | %systemroot%\\system32\\svchost.exe |
|
| Details | File | 1 | %systemroot%\\system32\\wscript.exe |
|
| Details | File | 20 | snxhk.dll |
|
| Details | File | 83 | sbiedll.dll |
|
| Details | md5 | 1 | f25528baf3d68444fa7d7fda382e9835 |
|
| Details | md5 | 1 | ebf3e72f8b698bbb0d026416d7a75a6a |
|
| Details | md5 | 1 | e98459c647a6e328c8b65945884ef29a |
|
| Details | IPv4 | 1 | 92.222.80.28 |
|
| Details | IPv4 | 1 | 78.138.97.93 |
|
| Details | IPv4 | 1 | 77.66.108.93 |
|
| Details | Url | 6 | https://cloud.nsfocus.com/# |