Rising Kaka Security Forum

Spam email with an infected attachment 11
AK2019 - 2019-12-12 20:22:00
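Hi everyone, I registered this new account so that search engines don't crawl my 126 mailbox address.
This time I ran into something weird: the mailbox says the attachment is 713.98KB, but once downloaded it became 0KB. I uploaded it to VT and the verdicts are all over the place.

VT hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855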



From: Tom Chui  shipsupp@shipsupplier.co.kr

To: undisclosed-recipients:;<>




Dear sir/madam,

We have a request to order the following products as listed in the attachment

Please provide an offer urgently and also take note of the items marked in yellow will be ordered in high qty.
please provide us with the best price and provide also payment terms.

Looking forward to your urgent response.



Best Regards,


Tom Chui / Oversea sales manager

#1419-4, DaeJeo-1Dong, GangSeo- Gu, Busan, Korea

Central Maritime Co.,Ltd

DIR TEL : +82 51 971 0780 / COM TEL : +82 51 971 0777

Mobil no : +82 10 9944 1831

FAX no : 82 51 972 0773

Email : shipsupp@shipsupplier.co.kr

Web site : www.shipsupplier.co.kr


THIS RFQ IS ISSUED IN ACCORDANCE WITH THE TERMS & CONDITIONS OUTLINED ON
OUR COMPANY WEBSITE UNLESS OTHERWISE AGREED TO IN WRITING.

HAZMAT MATERIALS MUST BE SEPARATELY PACKED, MARKED AND NOT COMBINED WITH
OTHER GOODS

ShipServ Service Delivery Team
support@shipserv.com




Attachment: 2019.12.12 DEF malware.zip
麦青儿 - 2019-12-13 9:42:00
Forwarded to the relevant staff for analysis, please wait a moment.
麦青儿 - 2019-12-13 12:48:00
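The file size is 0, so there is no point adding it to the sample database. The original attachment may have been filtered by antivirus software or an anti-spam gateway.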
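An added example, not part of the original thread: the hash in the first post is the SHA-256 of zero bytes of input, so a lookup on it describes every empty file ever submitted rather than this attachment. The sketch below checks a download for that case and for a cut-off archive before its hash is used; `triage_sample` and `build_constructed_zip` are hypothetical names, and the sample archive is constructed and harmless.

```python
import hashlib
import io
import zipfile

# SHA-256 of zero bytes of input, computed rather than hard-coded.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()


def triage_sample(data: bytes) -> dict:
    """Check a downloaded attachment before hashing it for a lookup or submitting it."""
    report = {"size": len(data), "sha256": hashlib.sha256(data).hexdigest(),
              "verdict": "ok", "members": []}
    if report["sha256"] == EMPTY_SHA256:
        report["verdict"] = "empty"          # failed download: hash identifies no sample
    elif not data.startswith(b"PK"):
        report["verdict"] = "not-zip"        # e.g. an error page saved under a .zip name
    else:
        try:
            # Read the central directory only; nothing is extracted or executed.
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                report["members"] = [
                    (i.filename, i.file_size, bool(i.flag_bits & 0x1))  # bit 0 = encrypted
                    for i in zf.infolist()
                ]
        except zipfile.BadZipFile:
            report["verdict"] = "truncated-zip"  # partial download
    return report


def build_constructed_zip() -> bytes:
    """Constructed, harmless sample input so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("constructed.txt", b"harmless test data")
    return buf.getvalue()


if __name__ == "__main__":
    good = build_constructed_zip()
    for label, blob in [("0-byte download", b""), ("complete zip", good),
                        ("cut-off zip", good[: len(good) // 2])]:
        r = triage_sample(blob)
        print(label, r["size"], r["sha256"][:16], r["verdict"], r["members"])
```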
AK2019 - 2019-12-13 13:30:00
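Sorry for the trouble. I just tried a different browser and this time the download succeeded. So something was indeed wrong with what I did before, but it had nothing to do with the mailbox or the antivirus software; it was a Firefox problem, see the two images below.
I don't know whether Chrome would show the same prompt when downloading, but Xunlei, launched from Chrome, downloaded the file just fine.
I knew NetEase Mail wasn't that advanced yet, even though I once bought VIP over some small matter.
VT: 1145802ccf63da50b3e4539fb7f1a4b52bb8c676b89928211dd262d0b27e6cee  Missed by Security Cloud Terminal.
I can't see what got uploaded, so here is a link as well: https://www.lanzous.com/i7zprdc  The archive password is infected.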



Attachment: 1.jpg

Attachment: 2019.12.13 RFQ 100241.zip
XywCloud - 2019-12-13 16:10:00
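Hello, analysis shows this file is the Lokibot trojan (the classifier in our backend gave the same verdict).
The cloud has automatically blacklisted it. Thanks for the feedback.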