HKTL_Empire_Win_CSharp_Dec19_1

Rule Info

Name
HKTL_Empire_Win_CSharp_Dec19_1
Author
Florian Roth
Description
Detects Empire CSharp launcher
Score
60
Reference
https://github.com/BC-SECURITY/Empire/blob/dev/lib/stagers/windows/
Date
2019-12-09
Minimum Yara
1.7
Rule Hash
7d6dae9a914f8a326ba6fa299d5f5966
Tags
['HKTL']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/hktl_empire_win_csharp_dec19_1/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
13
Suspicious (< 10 engines)
9
Clean (0 engines)
58

Rule Matches

Timestamp
Positives
Total
Hash
VT
2024-03-16 12:05:33
13
61
64dfc2876de2f92a6c026d7b8b86d742eb336276c29d43465302ebb537c2519e
2024-03-16 12:05:31
0
61
3ea02ddb143eaa8245cff20868ba50ff4993bdd6099b2328a89ff46f7a287916
2023-11-09 19:37:35
4
59
12f75903bf16d52a7d6d42e80bc187f93f1671306456695d518e585cc0788515
2023-10-25 20:46:23
4
60
26db89722683f5127d3513c9de815386ee179bc6c3584e778cfd526b6a01a53a
2023-09-28 02:26:51
18
61
a2e78d8587c5f919f3f79c3990b0776622430ee32a9595a71d33f8325d67c2b7
2023-09-06 19:03:25
3
60
c9d96e1d00bd0807304669ca2bdd2ae5873572684762946d622098f944f39fa4
2023-08-24 15:23:35
29
60
d57402dfd8b2c562d87744d1d251acf479aef5357cca6e230a1c45b6a4cc15cf
2023-08-23 13:08:00
0
59
cb73b4dceef8d3feb5588f42dfd2ffc7b4e940f5bf18d978ede4a35c81fe2c48
2023-05-04 04:19:09
0
58
b1d7e9a1a6679fa29e9c757720a47cb2a8f02aadecb317e3b2c85b6c307f12f3
2023-04-13 12:09:29
0
58
9b742b5df182004090dc48f86acdb4d56dea39404c6cb445a6d51a7051a8a68d
2023-03-12 10:13:50
26
58
d25524c89a30c53a0b777cf6a682b26e83ebc10baf9736e9165080b37f3efdbd
2023-03-08 09:50:27
0
58
c7f02ebeff5d4809f6b8f3b1dd86edef56a647f6889ac9d8b8e7577aa45324cb
2023-02-01 17:22:00
0
60
682b6ae14cb441e554336076bca6d2e9f4dc76c0f16b82ee27ae0920bd6bca08
2023-01-31 14:32:14
24
60
54888d1717991e295eeabd1c289eeefc931c004ac78c66252a9cf87dd2e738fb
2023-01-31 14:32:07
22
60
5cd77134ebb3a3526c92ced1a8b82d748e3f2fe04fb735aace47db0b036a4d10
2023-01-20 11:21:42
5
60
00921b71d69ef124cd0c2837af9303602d4fc5a2e4ddf68e31a84706c290f3a7
2023-01-17 02:46:46
15
60
ce962f4633818b04a98409164d8009c18181e79d0dc62b56e61eb319097b99b7
2022-12-17 01:59:51
0
61
559d6ef1e56b036b9fc8a1d663d7fdf7c78997b068f3a09cb09df192e014b644
2022-12-06 20:34:37
30
62
b502c16f152294246615308b580407ac75be994c4d7e129182dcad404eccc6ac
2022-10-27 12:09:33
30
62
122557138a74b9ef20c16d062c7babb8f1783fd2dc5ccf522df2c7510836ad61
2022-10-01 10:36:47
3
59
704a615f3f8ea6787ae1ee4f68011f70fad6e236b68134e4245f4bc941e6e524
2022-09-06 06:30:42
21
70
70bad429db0c1e24d2e96d9ff50eb58ff24369618bf81d25fbc221b85e50c1bf
2022-03-19 18:57:07
22
56
62549a860821fb6588fc70e5ebeeec055dea324cd6c12e147c39b585c72c6e5b
2021-12-12 16:11:17
0
55
35c75d8f7e47f48e641b118f9de9bbf7fa91b72d354b7efabd9061d0d39566cc
2021-07-26 14:54:53
38
69
6c59f4dcb35c371a0acae6e37493174158e7f33f16cd9a12602441dcbcd42a7c
2021-04-15 20:03:00
36
65
4fb84bbdd0f6bcb1f0fc99daff0d3cf8d7e4e8abbbe4f577abfe97090e873c32
2020-11-14 01:46:45
0
61
a4a3632ae2b516ece7cd6594b8f9de3aed67ac1f26950530701e7e3691b61ca6
2020-08-07 14:15:20
0
54
3ce2e2624bd12e8e62d7e987979a25733d99ef7cb30f78fd8a1b9a93fa4358ea
2020-08-07 14:15:13
0
58
86088d6e08df97349a34072ae0c0d5d2a1fa5e7128c0939e7137497f57b53340
2020-08-07 13:47:54
0
60
146953986fb518bae9793f4adf1d7f884e64265fc457ecf16d41bdb7899398f1
2020-08-07 13:47:45
0
55
51735297e35a8b9762046ea6fa6c8d91919fafc49d3a4514ad26007cabda9b7f
2020-08-03 18:19:07
0
58
2766a04b04ba34b24ac7c5afb0fa5d5bee241cef782f03dd1a04f99694da98bd
2020-08-03 17:41:17
0
59
860469bb84182fe7744f1d0eab9f778020c5c3251306ac749996981f0f2710d0
2020-08-03 17:31:01
0
58
9cb72ac24f2d4eb0c90e38b3fe61c03dfa5b571693e4574b6f9bf964328e9f3b
2020-08-03 17:22:43
0
59
9aa34a6a6f07fffb484c8f301e8527a9ba4645e7417db430610901c65a2c3cee
2020-08-03 17:19:48
0
59
d0dcfb16f65f1ece1671f192a79ca9c08a4bf082ba7fc3decf79b85d30e1168d
2020-08-03 17:17:53
0
59
9f4e6b29ffff2937b86b18e66327adb92b7124a9b54ad46fce979d37dd6027c2
2020-08-03 17:08:13
0
59
7e3e055a39c28f43e2a4d9d3abe66dbb9e7682973a3b5d73df528268a7e01ad3
2020-07-23 08:08:41
0
59
6b782fec241a3192991a7848493ec4540036dd516e3db68ae9294437d2dcf8e0
2020-07-23 08:02:35
0
58
094648808f08f410bf0eb17a59dc27be79ada0ab45e0762ee999722eba9c9e19
2020-07-23 07:58:41
0
59
bca91880e9dd6477723b51c0c68c41845484ef136b9bd35fb60aee236ce6fdba
2020-07-23 07:49:14
1
57
75b50676dac83f8464a4f58e79239e11beca3dc45af6bc60ff24138156a1912b
2020-07-20 14:24:57
0
59
7a9211e8cbb04b9ebbbc12030bd11df8b96b789114dec7bd759d22fd87a01ac4
2020-07-20 14:14:00
0
57
52ea15f096b6953e184a63535fafaeb8d5829cd35e75b58a650c691a8e48906f
2020-07-20 14:12:49
0
58
8dec3fc65df0da17e17422325993e1abada72375adddac03555d4eff1a3fb689
2020-07-20 14:05:30
0
59
657ecf32aa6d6c48381f4f88cf0bba4112829447af67925489269ceb2661fe50
2020-07-20 14:04:44
0
59
b2bfbdea785f5654055c1d141fd7c1384d68e284a5ec42c552b3afe982baa868
2020-07-20 14:04:43
0
59
b3482881cfb94d4cd13fedf4aa7a33af3104628eaeabb2fa6b96ca538c5c2244
2020-07-20 13:39:41
0
60
9cf86e5a0d64e9f2049f702840d884561e5583b7663ebb18b3fadbc801bec31c
2020-07-20 13:38:21
0
58
f16349e22c3d2b7d080b668e45c565001a8b9a5d9c2a03f37e05d09e32c2e518
2020-07-20 13:04:11
0
57
79904fcae675e6ca8fa621f72f6900b0521da085a7bfeec0633b6647f3e0e56a
2020-07-20 13:03:39
0
60
caaa030f9bef29d09825b739c529c0a152be70607ab22f1d0e7e6458a9f15551
2020-07-20 13:02:52
0
59
4971c670bc0a4dc7d859a505e15c2484200db1e0a7cbeef2b616e2f1f57ebbd8
2020-07-20 13:02:18
0
59
3524ed6b8587f1ca890414d07c4b9fa91903fca39d465961d11d4000dc095d00
2020-07-20 13:01:56
0
59
b0e9b33787688cb3008010574d1ac80bdd256b315f578dae2b870ba1eaab7b69
2020-07-20 13:00:28
0
58
c33313e2c5181e0c82aa0763c7ad58841d1f2bca67d8a38c5f5da202aaf7ce53
2020-07-20 13:00:28
0
57
5f25aa0837344b20a487a75d5618a4e2e706e161d3fee25e567f7b627f7117b7
2020-07-20 13:00:07
0
59
46be6e44b631dc90e65e35f64e6300df510ba9d6722215d79d184cfb61a27b22
2020-07-20 12:42:47
0
59
194f402d7af667151347647ba40bbf68a7122b94a49e61b415ff32b2060ec1ea
2020-01-13 19:36:09
0
52
f4480fd6304c4475c74e6fb2757748c13503b739be79bd52fe9ffe4f50f4cae6
2020-01-13 18:52:07
0
60
25246dc0a7914b5f7c677c1da65749fb3d222a697a5da1bee4c2273ea97c797d
2020-01-13 18:06:36
3
57
1de9243bd07d7b298361e4af3f8690d3bb6c0d3e3b04ac4455ee8f552e2c349e
2020-01-13 17:30:07
0
59
2e73418a3a77633b70e111991e0f7540d385017f9b4870c2d4b57b85b01923e4
2020-01-13 17:01:07
0
59
7db0621d30ecf7f1687fb80ad0161d1293531a5c1c158959b6388e8ae380aa23
2020-01-13 16:59:14
1
59
62ea8580687e6c9602c233b356931d9ae9194af893ea186fa43347050d4028e5
2020-01-13 16:12:15
0
58
c5bd57155879a75180a85639942e6b2656dffce1178ea8b71d60b70d75e9e938
2020-01-13 15:52:44
1
60
01a753e6ea0c754011acd673ce0b19dc537729b778273a049fe15de409d4f85d
2020-01-13 15:33:57
0
60
cdf04dbb24fc25d10940741861336a7329b16198be8deaa6b3e0eaa0b1840195
2020-01-13 15:33:51
0
58
73a5129774eb5f9d7e591957f056c2bf4454e85d3bf6d8d6a913ad164c322cc1
2020-01-13 15:18:37
0
59
2bcb7bdcc5c6511b832d6aea3b2757bffebe8171ddf064887ce96fa9b114fc59
2020-01-13 14:49:09
0
58
2128cb5ed71b9e1d6c39f733e253ffc5cc3cd960c08c9e882f54b8f5c43fdd1e
2019-12-11 12:53:38
0
57
bfb28e19edbe47aafd46f4572f54e0d0a5690efa98124a238741e82f0a2f2bb6
2019-12-11 12:34:35
0
57
67ef1a2a7d1a615537e569bf0dc72041660da64640886e4fad94d62aeae7da96
2019-12-11 12:29:36
0
57
cf2257e74fff0f101352e67f4052f860add2799c0a62852684d35adda4f0e29d
2019-12-11 12:19:09
0
57
86eb06f5cf68875c57d8b4baed559577821f7f87fe3a102fa48b7bf854d8a61b
2019-12-11 12:14:15
0
58
79a73c9f23ad34498254ad03643fecba3c1575f08dccb3b7515fca2b73e23253
2019-12-11 12:11:39
0
57
0b242f812c1d94ea7d908d468b50361dc43e6bce08f890fc78e5406266c66592
2019-12-11 12:09:10
0
57
470e8074014213c2e26408e0dd90c45bfec9493160de19f7cea2adab7c0e7d03
2019-12-11 12:00:09
0
56
3c75a5f6643095d010cb67baf764a91ed54c0a7648f59dd4321e5710ded0b7fe
2019-12-11 10:07:07
0
58
fc292e160153c23d073dc5e640bb26c5f2a4af4ab9d76e32f61238e3d62bfba3

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022