HKTL_VulkanRaven_CallStackSpoofer_Jul22

Rule Info

Minimum Yara: 1.7
Tags: ['HKTL', 'EXE']
Name: HKTL_VulkanRaven_CallStackSpoofer_Jul22
Description: Detects VulcanRaven CallStackSpoofer - PoC implementation to spoof arbitrary call stacks when making system calls
Rule Hash: ba2f9faef739ea7cb0738fb025f0176e
Score: 80
Required Modules: []
Author: Florian Roth
Date: 2022-07-05
Av Ratio: 16.36

Antivirus Verdicts

Rating | Number of Samples
Malicious (>= 10 engines) | 19
Suspicious (< 10 engines) | 26
Clean (0 engines) | 1

Rule Matches


Rule Matches per Month (last 24 months)