Printer company offered infected software downloads for half a year
Source: G DATA. Indicators of compromise for the XRed malware:
XRed backdoor (SHA256): 531d08606455898408672d88513b8a1ac284fdf1fe011019770801b7b46d5434
SnipVex IoCs
SnipVex virus (SHA256): 39df537aaefb0aa31019d053a61fabf93ba5f8f3934ad0d543cde6db1e8b35d1
SnipVex BTC wallet: 1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygj
SnipVex Run key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ScdBcd
SnipVex Run key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ClpBtcn
SnipVex file path:
Download links on mega.nz
hxxps://mega[.]nz/folder/TNAWTDKL#zR5Atn68a807Qn17FjXFxA
hxxps://mega[.]nz/folder/zBgEiY4K#veoSD-6LgC12yZdqs1G_Ow
hxxps://mega[.]nz/folder/3MBG0Rra#eebBaK_Fu6bJs3ZBIhUFiQ
hxxps://mega[.]nz/folder/yEBVBbwY#0qxlY0S_DXosumSxP38nVg
hxxps://mega[.]nz/folder/zM413Jbb#crz2GQgj2EFAut4vxfS8Ag
hxxps://mega[.]nz/folder/eMxjWAgT#r1YEU0KYupfcoBKQQrenSQ
List of infected files, their paths, and their SHA256 hashes
F13 Pro\2.software\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single.zip → 84ef938a63641cf95a87ceaeb3b4893eb720fb5b42a5f42021c29ba11bda0f39
F13 Pro\2.software\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single\PrintExp_X64_V5.7.6.5.77.Single\.NWReceive.exe → b14c855ad7600ac9fda2c46b290acac1342d0e08dc1a95901504d8c5aa206606
F13 Pro\2.software\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single\PrintExp_X64_V5.7.6.5.77.Single\.PrintExp.exe → 4de65f542bc2a144d0e220e93f367c08bf008045fcc1fddbc4e54af62e7da847
F13 Pro\2.software\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single\PrintExp_X64_V5.7.6.5.77.Single\._cache_NWReceive.exe → 332deb26f74b6e6633214fe3ca7e95e4c6861d6eac0f9a792c3f2154adea73c7
F13 Pro\2.software\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single\PrintExp_X64_V5.7.6.5.77.Single\._cache_PrintExp.exe → 0f8bf833d6673dcba58347b9bde618969b948268d42fbb17d48f68cbc925109e
F13 Pro\2.software\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single\PrintExp_X64_V5.7.6.5.77.Single\NWReceive.exe → bfb9d8af2c57f055c1e35effb1f42410238981bc16cee96f045aca50ff495550
F8\2.software\F8 打印机驱动.zip → 644c045bf502f502bcbf61bc0593dd54949058c4a7837725d1043172925056ba
