APT_MAL_DLL_Loader_May24

Rule Info

Name
APT_MAL_DLL_Loader_May24
Author
X__Junior
Description
Detects DLL loader related to sharp-dragon APT
Score
80
Reference
https://research.checkpoint.com/2024/sharp-dragon-expands-towards-africa-and-the-caribbean/
Date
2024-05-23
Minimum Yara
3.5.0
Rule Hash
713db96e5b9965678f08d7f7354f8c46
Tags
['APT', 'MAL', 'FILE', 'CHINA']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/apt_mal_dll_loader_may24/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
13
Suspicious (< 10 engines)
0
Clean (0 engines)
0

Rule Matches

Timestamp
Positives
Total
Hash
VT
2024-10-23 11:51:42
28
73
d7dac05da84c4230603c8a93551f013e9706eea37ac82aaedd9abab1359f2e30
2024-10-01 23:25:34
55
72
7b21b95c4256308e8089bff38d5d20845f2dc28fa9e536de979ceab9b7962afa
2024-06-22 14:10:32
39
73
aabae5040d52c72aabcd4fe07a9017900447fb9d0d43ea4fb757adfd355993a1
2024-06-20 10:15:39
45
74
e6faf05234ceaaba3bdcca60285a7ba83eea229a0ca241e94fb314a73ad98d87
2024-06-08 08:39:18
52
72
8e72c9517b0220f8ed6973cfc36f478fc7837fe536c5859554661bc1e7ee4254
2024-06-07 20:15:44
53
72
59a9d10eba81d62337f38d8f72a15f283e1f4bc9daa99fe0c08f780f3e4da839
2024-06-05 13:44:46
55
73
b952a459dac430d006a4d573612ca8474a410310792ea8141f9ab339214f4e57
2024-06-02 20:18:43
56
74
20a4256443957fbae69c7c666ae025522533b849e01680287177110603a83a41
2024-05-31 12:05:15
52
73
ea72011929dece4684a2dcb5b76f34cef437dbe50306f19c531d632bf26e7f32
2024-05-31 12:04:27
53
72
cc805511e106a9b5302a4db4bfbb98609aca3dcbd2f709aee8ae316f479dfd49
2024-05-31 12:03:31
54
71
e848355359de1e59901aa387f2d208889c368663438909fd3bb0a97566de2b2d
2024-05-30 05:37:05
57
73
1c2a10f282f1a24d88c74d8d324fb59b172cee4ee2e3e3996d9a62ba979812a6
2024-05-29 23:47:18
50
73
1db1cf2df0551762eaef0a92923da2f3d032663fdcb331d9474f5398b8ae4398

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022