APT_MAL_Patchwork_Loader_Feb25

Rule Info

Name
APT_MAL_Patchwork_Loader_Feb25
Author
MalGamy
Description
Detects a loader, seen being used by Patchwork APT group
Score
80
Reference
https://xz.aliyun.com/news/16843?time__1311=WqGxRDgG0%3DYQuD05o4%2BOxAhBDBnd5CF4D
Date
2025-02-24
Minimum Yara
3.5.0
Rule Hash
ce8cd66eb25d07ad29f0eb7db7e8d93c
Tags
['FILE', 'G0040', 'MAL', 'APT', 'EXE']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/apt_mal_patchwork_loader_feb25/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
2
Suspicious (< 10 engines)
1
Clean (0 engines)
1

Rule Matches

Timestamp
Positives
Total
Hash
VT
2025-12-26 08:08:38
0
73
ad56cb2f4b00aa53556aefb96928b748eb1083d3b99d93b332c64811d62e2108
2025-05-13 13:30:56
41
71
c526878565f4ef7a95252e910c1ce494fb8ea7a0f80576ea2ad28ad1d5015894
2025-04-29 15:49:09
2
73
6f65046a87c8b553180c40928e656c1feb445c863e80e5539a016c522f46ef5a
2025-03-03 18:09:46
54
73
c12deb8079c75ef4b96f4af778fbb811a5c766f0560d57d63d6772fbe76b6b33

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022