分析者: Melvin Jhun Palbusa   
 平台:

Windows

 总体风险等级:
 潜在破坏:
 潜在分布:
 感染次数:
 信息暴露:

  • 恶意软件类型:
    Trojan Spy

  • 有破坏性?:
    没有

  • 加密?:
     

  • In the Wild:
    是的

  概要

感染途徑: 从互联网上下载, 下载了其他恶意软件

它以文件的形式出现在系统中,可能是其他恶意软件投放的,或者是用户在访问恶意网站时无意中下载的。

  技术详细信息

文件大小: 362,496 bytes
报告日期: EXE
内存驻留: 没有
初始樣本接收日期: 2024年5月7日
Payload: 连接到 URL/Ip, 植入文件, 收集系统信息, 窃取信息

新病毒详细信息

它以文件的形式出现在系统中,可能是其他恶意软件投放的,或者是用户在访问恶意网站时无意中下载的。

安装

它植入下列文件:

  • %Temporary Internet Files%\Content.IE5\{Random Characters}\921e7ad-5b9e-4fca-97e6-c631b2636cc9.txt
  • %Temporary Internet Files%\Content.IE5\{Random Characters}\Up

信息窃取

它收集下列数据:

  • Operating System
  • OS architecture
  • Username
  • Number of processor
  • Running processes
  • Time Zone
  • System Driver
  • It gathers credentials from the following:
    • Browser(User Data)
      • Chrome
      • Epic
      • vivaldi
      • Browser360
      • Cococ
      • K-meleon
      • Orbitum
      • Torch
      • Centbrowser
      • Chromium
      • Chedot
      • Kometa
      • Uran
      • Liebao
      • QIP surf
      • Nichrome
      • Chromodo
      • Coowon
      • Citrio
      • Elements Browser
      • ChromePlus
      • Maxthon3
      • Amigo
      • Brave-Browser
      • Microsoft Edge
      • Opera Stable
      • Opera GX Stable
      • Opera Neon
      • Mozilla Firefox
      • BlackHawk
      • Tor Browser
      • Thunderbird
    • Email Clients:
      • Mailbird
      • yMail2
      • Opera Mail
      • TrulyMail
      • Pocomail
      • eM Client
      • The Bat!
      • Pegasus Mail
    • FTPs:
      • FileZilla
      • GoFTP
      • FTPInfo
      • UltraFXP
      • FTP Now
      • DeluxeFTP
      • FTPGetter
      • ALFTP
      • BitKinex
      • FTPBox
      • NppFTP
      • NovaFTP
      • FTPBox
      • BlazeFtp
    • VPNs:
      • NordVPN
      • AzireVPN
    • Instant Messaging Applications:
      • WhatsApp
      • Tox
      • Pidgen
      • Psi\Psi+
      • Signal
    • Password Manager:
      • Total Commander
      • NordPass
      • RoboForm
      • 1Password
    • Other Applications:
      • Snowflakes
      • NetDrive
      • Steed
      • Gmail Notifier Pro
      • MySQL
      • Sticky Notes
      • Notezilla
      • To-Do DeskList
      • Telegram Desktop
    • Browser Extension (e.g. Crypto wallet, Password Managers and Authenticator):
      • Binance Chain Wallet
      • Auro Wallet
      • MEW CX
      • Wombat
      • NeoLine
      • iWallet
      • Polymesh Wallet
      • Yoroi
      • Wallet Guard
      • Temple
      • TezBox
      • ICONex
      • Hana Wallet
      • MetaMask
      • Terra Station
      • Coin98 Wallet
      • Guarda
      • Nabox Wallet
      • Keplr
      • OneKey
      • ZilPay
      • TronLink
      • Ronin Wallet
      • Clover Wallet
      • Coinbase Wallet
      • LeafWallet
      • Phantom
      • Bitget Wallet
      • SafePall Extension Wallet
      • flhbololhdbnkpnnocoifnopcapiekdi - unknown browser extension
      • kkhmbjifakpikpapdiaepgkdephjgnma - unknown browser extension
      • Ledge Live Qoutes
      • ckdjpkejmlgmanmmdfeimelghmdfeobe - unknown browser extension
      • iodngkohgeogpicpibpnaofoeifknfdo - unknown browser extension
      • hnefghmjgbmpkjjfhefnenfnejdjneog - unknown browser extension
      • Keep Key Wallet
      • egdddjbjlcjckiejbbaneobkpgnmpknp - unknown browser extension
      • nihlebdlccjjdejgocpogfpheakkpodb - unknown browser extension
      • ilbibkgkmlkhgnpgflcjdfefbkpehoom - unknown browser extension
      • oiaanamcepbccmdfckijjolhlkfocbgj - unknown browser extension
      • ldpmmllpgnfdjkmhcficcifgoeopnodc - unknown browser extension
      • mbcafoimmibpjgdjboacfhkijdkmjocd - unknown browser extension
      • jbdpelninpfbopdfbppfopcmoepikkgk - unknown browser extension
      • onapnnfmpjmbmdcipllnjmjdjfonfjdm - unknown browser extension
      • cfdldlejlcgbgollnbonjgladpgeogab - unknown browser extension
      • Blocknative Gas Fee Estimator for ETH and MATIC
      • fdfigkbdjmhpdgffnbdbicdmimfikfig - unknown browser extension
      • njojblnpemjkgkchnpbfllpofaphbokk - unknown browser extension
      • hjagdglgahihloifacmhaigjnkobnnih - unknown browser extension
      • RoboForm Password Manager
      • Authenticator
      • Authy
      • Trezor Password Manager
      • EOS Authenticator
      • GAuth Authenticatorp68
      • Bitwarden Password Manager
      • KeePassXC-Browser
      • Dashlane - Password Manager
      • NordPass
      • Keeper Password Manager
      • LastPass: Free Password Manager
      • BrowserPassp
      • MYKI
      • Splikity
      • CommonKey
      • Zoho Vault
      • Adblock Plus
      • kmmkllgcgpldbblpnhghdojehhfafhro - unknown browser extension
      • ibegklajigjlbljkhfpenpfoadebkokl - unknown browser extension
      • ijpdbdidkomoophdnnnfoancpbbmpfcn - unknown browser extension
      • llalnijpibhkmpdamakhgmcagghgmjab - unknown browser extension
      • mjdmgoiobnbombmnbbdllfncjcmopfnc - unknown browser extension
      • ekkhlihjnlmjenikbgmhgjkknoelfped - unknown browser extension
      • jngbikilcgcnfdbmnmnmnleeomffciml - unknown browser extension
      • hcjginnbdlkdnnahogchmeidnmfckjom - unknown browser extension
      • ogphgbfmhodmnmpnaadpbdadldbnmjji - unknown browser extension
      • hhmkpbimapjpajpicehcnmhdgagpfmjc - unknown browser extension
      • ojhpaddibjnpiefjkbhkfiaedepjheca - unknown browser extension
      • fmhjnpmdlhokfidldlglfhkkfhjdmhgl - unknown browser extension
      • gjhohodkpobnogbepojmopnaninookhj - unknown browser extension
      • hmglflngjlhgibbmcedpdabjmcmboamo - unknown browser extension
      • eklfjjkfpbnioclagjlmklgkcfmgmbpg - unknown browser extension
      • OKW Wallet
      • Nifty Wallet
      • EQUA Wallet
      • Jaxx Liberty
      • BitApp Wallet
      • Enkrypt Crypto Wallet
      • GuildWallet
      • Saturn Wallet
      • Rabby Wallet
      • Pontem Aptos Wallet
      • Martian Wallet
      • Nami Wallet
      • Petra Aptos Wallet
      • Sui Wallet
      • Exodus Web3 Wallet
      • SubWallet
      • Polkadot
      • Talisman
      • Crypto.com
      • BitClip
      • Steem Keychain
      • Nash Extension
      • Cyano
      • Byone
      • OneKey
      • UniSat Wallet
      • Zerion Wallet
      • Manta Wallet
      • Fluvi Wallet
      • Fuelet Wallet
      • Leo Wallet
      • Leap Cosmos Wallet
      • Venom Wallet
      • Argent X Starknet Wallet
      • Braavos - Starknet Wallet
      • Shell Wallet
      • Cirus
      • Sender Wallet
      • Pali Wallet
      • Fewcha Move Wallet
      • MultiversX Wallet
      • Leather
      • Carax Wallet
      • Backpack
      • Pockie Wallet
      • Koala Wallet
      • Yeti: Web3.0 Blockchain Wallet
      • BlockWallet
      • Gate Wallet
      • Suiet | Sui Wallet
      • Ethos Sui Wallet
      • Nightly
      • Morphis Wallet
      • Elli - Sui Wallet
      • XDEFI Wallet
      • Typhon Wallet
      • Eternl
      • Lace
      • Fire Wallet
      • Alby
      • Xverse Wallet
      • OsmWallet
      • EVER Wallet
      • KardiaChain Wallet
      • Brave Wallet
      • Oxygen
      • BoltX
      • MultiversX Wallet
      • Keeper Wallet
      • Solflare Wallet
      • Goby
      • Coinhub
      • Frontier Wallet
      • Glass wallet
      • Compass Wallet
      • HAVAH Wallet
      • Magic Eden Wallet

窃取信息

它通过 HTTP POST 将收集的信息发送到下列 URL:

  • https:\{BLOCKED}ko.biz

  解决方案

最小扫描引擎: 9.800
First VSAPI Pattern File: 19.356.04
VSAPI 第一样式发布日期: 2024年5月22日
VSAPI OPR样式版本: 19.357.00
VSAPI OPR样式发布日期: 2024年5月23日

Step 2

对于Windows ME和XP用户,在扫描前,请确认已禁用系统还原功能,才可全面扫描计算机。

Step 3

注意:在此恶意软件/间谍软件/灰色软件执行期间,并非所有文件、文件夹和注册表键值和项都会安装到您的计算机上。这可能是由于不完整的安装或其他操作系统条件所致。如果您没有找到相同的文件/文件夹/注册表信息,请继续进行下一步操作。

Step 4

搜索和删除该文件

[ 更多 ]
有些组件文件可能是隐藏的。请确认在高级选项中已选中搜索隐藏文件和文件夹复选框,使查找结果包括所有隐藏文件和文件夹。
  • %Temporary Internet Files%\Content.IE5\{Random Characters}\8921e7ad-5b9e-4fca-97e6-c631b2636cc9.txt
  • %Temporary Internet Files%\Content.IE5\{Random Characters}\up

Step 5

使用亚信安全产品扫描计算机,并删除检测到的TrojanSpy.Win32.ACRSTEALER.A文件 如果检测到的文件已被亚信安全产品清除、删除或隔离,则无需采取进一步措施。可以选择直接删除隔离的文件。请参阅知识库页面了解详细信息。