
Analysis of a Classic "White-Plus-Black" (DLL Sideloading) Remote Access Trojan

2019-12-09 10:11:20         Source: [db:author]

Overview:
The malware disguises itself as a DLL file: when the QQ game client starts, the malicious DLL is loaded and started along with it. Once loaded, it releases a remote-control module in memory and sets up a local port mapping, intending to bypass the network interception of certain security products and thereby take control of the target computer.
The files in the malware's directory are as follows:

The overall flow is as follows:

Detailed analysis:
1. Startup method:
First, the malware author hid and packed all of the key files, leaving only a single shortcut. The shortcut invokes CMD to open the QQ Game Hall program in the directory:

While starting up, the QQ Game Hall program loads a file named factory.dll. Because of the DLL search order that Windows itself defines, the factory.dll sitting in the program's own directory is the one QQ Game Hall ends up loading:
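The load described above (a legitimate EXE picking up an unsigned DLL from its own, user-writable directory) is the pattern a defender looks for in image-load telemetry. The following is an added example, not code from the original post or from the sample: it runs a simple rule over constructed records shaped like Sysmon Event ID 7 (ImageLoaded) events. The paths follow the write-up (the MenuStar directory under AppData\Roaming, crossfire.exe, factory.dll); the QQGame install path and the list of user-writable directory hints are assumptions to tune per environment.

```python
"""Flag DLL loads that fit the search-order hijacking ("white plus black") pattern.

Rule: the DLL was loaded from the same directory as the host executable, that
directory is one ordinary users can write to, and the DLL carries no valid
signature. Records mimic Sysmon Event ID 7 fields (Image, ImageLoaded, Signed).
"""
from pathlib import PureWindowsPath

# Assumption: directory fragments that indicate a user-writable location.
USER_WRITABLE_HINTS = ("\\appdata\\", "\\users\\public\\", "\\temp\\",
                       "\\downloads\\", "\\desktop\\")


def is_user_writable(path: str) -> bool:
    """Cheap path heuristic; an ACL check would be the precise alternative."""
    return any(hint in path.lower() for hint in USER_WRITABLE_HINTS)


def is_sideload_candidate(event: dict) -> bool:
    """True when a DLL is loaded beside its host EXE from a user-writable dir and is unsigned."""
    image = PureWindowsPath(event["Image"])
    loaded = PureWindowsPath(event["ImageLoaded"])
    if loaded.suffix.lower() != ".dll":
        return False
    same_dir = image.parent == loaded.parent          # PureWindowsPath compares case-insensitively
    unsigned = str(event.get("Signed", "false")).lower() != "true"
    return same_dir and unsigned and is_user_writable(str(loaded))


def find_sideloads(events):
    """Return the subset of events that match the rule."""
    return [e for e in events if is_sideload_candidate(e)]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\Administrator\AppData\Roaming\MenuStar\crossfire.exe",
     "ImageLoaded": r"C:\Users\Administrator\AppData\Roaming\MenuStar\factory.dll",
     "Signed": "false"},
    {"Image": r"C:\Program Files\Tencent\QQGame\QQGame.exe",      # hypothetical clean install
     "ImageLoaded": r"C:\Program Files\Tencent\QQGame\factory.dll",
     "Signed": "true"},
    {"Image": r"C:\Users\Administrator\AppData\Roaming\MenuStar\crossfire.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true"},
]

if __name__ == "__main__":
    for hit in find_sideloads(SAMPLE_EVENTS):
        print("sideload candidate:", hit["ImageLoaded"])
```

Only the first record is flagged: the clean install loads its factory.dll from a protected directory, and kernel32.dll lives in System32. The signature test is what keeps the rule quiet on legitimate plugins, so a sideloaded DLL that is itself signed would slip through; pairing this with a hash allow-list of the vendor's genuine DLL closes that gap.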

2. factory.dll
Comparing the original factory.dll with the malware's factory.dll shows that the latter has a number of extra export functions. On closer inspection, two of its exports even resolve to the same address, which a normal DLL file usually does not do:
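The two signs used above (exports the clean build lacks, and exports that share one address) can be checked mechanically. The following is an added example, not code from the post or from the sample: a pure-Python export-directory parser (no pefile dependency) plus a comparison report. build_sample_dll() constructs a minimal PE32 fixture so the example runs offline; apart from CreateFactorys, which the write-up names, the export names are placeholders.

```python
"""Compare a clean DLL's export table with a suspect copy of the same DLL."""
import struct


def _rva_to_offset(rva, sections):
    """Map an RVA to a file offset using the section table."""
    for va, raw_ptr, size in sections:
        if va <= rva < va + size:
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} not backed by any section")


def parse_exports(data: bytes) -> dict:
    """Return {export_name: function_rva} for a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_off = opt + (96 if magic == 0x10B else 112)      # data directory: PE32 vs PE32+
    exp_rva, _exp_size = struct.unpack_from("<II", data, dd_off)
    sections = []
    for i in range(num_sections):
        hdr = opt + opt_size + 40 * i
        vsize, va, rsize, rptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append((va, rptr, max(vsize, rsize)))
    if exp_rva == 0:
        return {}
    eo = _rva_to_offset(exp_rva, sections)
    # IMAGE_EXPORT_DIRECTORY: NumberOfFunctions .. AddressOfNameOrdinals start at +20
    n_funcs, n_names, funcs, names, ords = struct.unpack_from("<IIIII", data, eo + 20)
    funcs_off = _rva_to_offset(funcs, sections)
    names_off = _rva_to_offset(names, sections)
    ords_off = _rva_to_offset(ords, sections)
    exports = {}
    for i in range(n_names):
        name_rva = struct.unpack_from("<I", data, names_off + 4 * i)[0]
        ordinal = struct.unpack_from("<H", data, ords_off + 2 * i)[0]
        if ordinal >= n_funcs:
            continue                                     # forged/corrupt ordinal
        func_rva = struct.unpack_from("<I", data, funcs_off + 4 * ordinal)[0]
        start = _rva_to_offset(name_rva, sections)
        name = data[start:data.index(b"\0", start)].decode("ascii", "replace")
        exports[name] = func_rva
    return exports


def shared_addresses(exports: dict) -> dict:
    """{rva: [names]} for every address that more than one export points at."""
    by_rva = {}
    for name, rva in exports.items():
        by_rva.setdefault(rva, []).append(name)
    return {rva: sorted(n) for rva, n in by_rva.items() if len(n) > 1}


def compare_exports(clean: bytes, suspect: bytes) -> dict:
    """Report exports added to / missing from the suspect, and shared addresses in it."""
    clean_ex, sus_ex = parse_exports(clean), parse_exports(suspect)
    return {"added": sorted(set(sus_ex) - set(clean_ex)),
            "missing": sorted(set(clean_ex) - set(sus_ex)),
            "shared_addresses": shared_addresses(sus_ex)}


def build_sample_dll(exports) -> bytes:
    """Constructed minimal PE32 with a single .edata section (test fixture only)."""
    sec_va, sec_raw, n = 0x1000, 0x200, len(exports)
    funcs_rva = sec_va + 40
    names_rva = funcs_rva + 4 * n
    ords_rva = names_rva + 4 * n
    strings, name_rvas = b"", []
    for name, _ in exports:
        name_rvas.append(ords_rva + 2 * n + len(strings))
        strings += name.encode() + b"\0"
    dllname_rva = ords_rva + 2 * n + len(strings)
    strings += b"sample.dll\0"
    body = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, dllname_rva, 1, n, n,
                       funcs_rva, names_rva, ords_rva)
    body += b"".join(struct.pack("<I", rva) for _, rva in exports)
    body += b"".join(struct.pack("<I", r) for r in name_rvas)
    body += b"".join(struct.pack("<H", i) for i in range(n)) + strings
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 94 + struct.pack("<II", sec_va, len(body)) + b"\0" * 120
    sec = b".edata\0\0" + struct.pack("<IIII", len(body), sec_va, len(body), sec_raw) + b"\0" * 16
    hdrs = dos + b"PE\0\0" + file_hdr + opt + sec
    return hdrs + b"\0" * (sec_raw - len(hdrs)) + body
```

Against real files, call compare_exports(open(clean).read(), open(suspect).read()); a non-empty "added" list or any entry in "shared_addresses" is the condition the write-up describes. Forwarded exports (whose RVA falls inside the export directory itself) are not treated specially here.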

Among factory.dll's exports, the one that actually gets called is CreateFactorys; its main job is to perform the malware's initial installation:

During the initial installation, the malware first obtains the path of the module that loaded the current DLL, then checks whether an io.dat file (an encrypted DLL) exists under that path. If it does not, the malware exits immediately; presumably this is a way of defeating automated analysis systems and avoiding detection. If the file exists, it is read into memory and decrypted, and the decrypted data turns out to be another malicious DLL (the core of the remote-control component):

Comparing the "decryption" routine used here with the LZMA compression library (the LZMA library's source code is on the right) shows that what the author actually uses is simply the LZMA compression library:

After io.dat has been decompressed into memory and validated (checked for a well-formed PE structure), it is loaded and executed:

Once running, the code resolves the export addresses of this new DLL and branches to different functionality depending on whether the name of the current loading module contains the string crossfire.exe (after the malware has been loaded successfully once it renames the file to crossfire.exe, so the file name alone tells it whether this is the first load):
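The unpack-then-validate step described above is something an analyst can reproduce to recover the embedded payload without running the sample. The following is an added example, not code from the post or from the malware: it tries to decompress a blob with Python's lzma module and then applies the same minimal PE sanity check. It assumes the blob is in the standard .lzma ("alone") or .xz container; a raw LZMA stream with a custom header would need lzma.FORMAT_RAW with explicit filters. The sample blob is constructed, not the real io.dat.

```python
"""Triage an LZMA-packed payload such as io.dat: unpack it and look for a PE."""
import lzma
import struct


def unpack_lzma(blob: bytes):
    """Return the decompressed bytes, or None if the blob is not an LZMA/XZ container."""
    try:
        return lzma.decompress(blob)          # FORMAT_AUTO: accepts .xz and .lzma
    except lzma.LZMAError:
        return None


def looks_like_pe(data: bytes) -> bool:
    """Minimal structural check: MZ header, in-bounds e_lfanew, PE\\0\\0 signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data):              # must at least cover the file header
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def triage(blob: bytes) -> dict:
    """Summarise whether a blob unpacks and whether the result is a PE image."""
    payload = unpack_lzma(blob)
    return {
        "lzma_container": payload is not None,
        "embedded_pe": looks_like_pe(payload) if payload is not None else False,
        "payload_size": len(payload) if payload is not None else 0,
    }


def build_sample_blob() -> bytes:
    """Constructed stand-in for io.dat: a fake minimal PE header, LZMA-packed."""
    fake_pe = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew = 0x40
               + b"PE\0\0" + b"\0" * 20 + b"\0" * 224)          # file header + optional header
    return lzma.compress(fake_pe, format=lzma.FORMAT_ALONE)


if __name__ == "__main__":
    print(triage(build_sample_blob()))
```

On a real sample, read io.dat from disk, call triage() and, when "embedded_pe" is true, write the payload out for static analysis; its export table is where the two names discussed next (QtxVGA and Update) would appear.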

3. The decrypted new DLL
This new DLL has two exports, QtxVGA and Update. From the preceding analysis we know that Update is used on the first load, while QtxVGA is used on every subsequent load.
(1) The Update export
In Update, the malware first checks whether a 360 process is present and exits immediately if one is. Next, it checks for the existence of the mutex c91fbfd3142a697886 to determine whether the system is already infected and whether to continue; if the system is not infected, execution continues.

Next, it copies all of the files in the same directory to C:\Users\Administrator\AppData\Roaming\MenuStar and renames the loading module to crossfire.exe:

ΪÁ˲»ÈÃË«»÷¿ì½Ý·½Ê½µÄÈ˲úÉú»³ÒÉ£¬²¡¶¾»¹»áÊÍ·Å´ò¿ªÒ»ÕÅ×¼±¸ºÃµÄͼƬ£¬ÈÃÈË·ÅËɾ¯Ì裬ͼƬ±»¼ÓÃܱ£´æÔÚÁËtemp,datÎļþÖУ¬½âÃܺóµ÷ÓÃÃüÁîÐдò¿ªÍ¼Æ¬£º


Once the image is open, the malware runs crossfire.exe without a window and creates a kwoyou.ini file on the C: drive to keep a log of its execution:


(2) The QtxVGA export
The function starts by reading the log file from earlier, then creates a thread to configure the computer's network proxy settings. If 360 is present, it also sets up port forwarding so that all traffic to port 96 is forwarded to 116.28.191.115:96.
The purpose of the port forwarding here is to establish an SSH tunnel to the target server and thereby bypass firewall interception (a guess...). A local port (96) is forwarded to a specified port on a specified remote machine (116.28.191.115:96); local port forwarding listens on a port on localhost, and all data sent to that port is carried through the SSH tunnel to the corresponding port on the remote end.


Next comes the key remote-control function, F_HackKernelModule_0.
F_HackKernelModule_0 mainly does two things:
1. It collects the computer's IP address, host name, OS version and similar information, encrypts it and sends it to the attacker.


2. It carries out operations according to the commands the attacker sends, such as shutting down or logging off the system, reading and simulating keyboard and mouse input, screen monitoring, modifying the registry, and manipulating system services.

In detail:
1. Keyboard, mouse and clipboard operations:

2. Operations on files on disk:

3. Operations on system services:

4. Keystroke logging, saved to the dump.log file:

5. Registry operations:

6. Capturing screenshots for screen monitoring:

The malware's C2 address is 116.28.191.115:947 (now offline). In addition, when establishing the connection to the controller the malware does not connect directly; instead it uses netsh on the local system to create a local port proxy:

The port proxy is presumably created to hide the network connection the malware makes: when a user inspects the network connections, the connection does not appear to have been created by the malware itself:
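Both the port-96 forwarding set up in QtxVGA and the netsh port proxy described here leave a durable, inspectable trace on the host. The following is an added example, not code from the post or from the sample: it parses the text printed by netsh interface portproxy show all and flags rules whose connect-to address lies outside loopback, private and link-local space. The sample output is constructed; the forwarding target is the one the write-up names. The live_rules() helper simply shells out to netsh and only works on Windows.

```python
"""Find netsh portproxy rules that forward local ports to outside hosts."""
import ipaddress
import re
import subprocess

# One rule line: listen address, listen port, connect address, connect port.
RULE_RE = re.compile(r"^\s*(\S+)\s+(\d{1,5})\s+(\S+)\s+(\d{1,5})\s*$")


def parse_portproxy(text: str):
    """Return (listen_addr, listen_port, connect_addr, connect_port) tuples."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:                                  # headers and dashed separators never match
            rules.append((m.group(1), int(m.group(2)), m.group(3), int(m.group(4))))
    return rules


def is_external(addr: str) -> bool:
    """True for an IP outside loopback/private/link-local space; hostnames count as external."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True                            # cannot classify a name offline; surface it
    return not (ip.is_loopback or ip.is_private or ip.is_link_local)


def suspicious_rules(text: str):
    """Rules whose connect-to side points at an external host."""
    return [r for r in parse_portproxy(text) if is_external(r[2])]


def live_rules():
    """Windows only: query the running system and return the suspicious rules."""
    proc = subprocess.run(["netsh", "interface", "portproxy", "show", "all"],
                          capture_output=True, text=True, check=False)
    return suspicious_rules(proc.stdout)


# Constructed sample of `netsh interface portproxy show all` output (not captured from a host).
SAMPLE_OUTPUT = """
Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
127.0.0.1       8080        10.0.0.5        8080
0.0.0.0         96          116.28.191.115  96
"""

if __name__ == "__main__":
    for rule in suspicious_rules(SAMPLE_OUTPUT):
        print("external portproxy rule: %s:%d -> %s:%d" % rule)
```

A rule listening on 0.0.0.0 and connecting to a public address is the shape the write-up describes, and it survives reboots because netsh stores it under HKLM\SYSTEM\CurrentControlSet\Services\PortProxy\v4tov4\tcp, which is also the key to monitor for writes. The proxy only functions while the IP Helper (iphlpsvc) service is running, so an unexpected start of that service on a workstation is a second signal worth correlating.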