MAL_Access_Accdr_Dropper_Feb26

Rule Info

Name
MAL_Access_Accdr_Dropper_Feb26
Author
MalGamy
Description
Detects suspicious Microsoft Access runtime database file dropper that utilizes Base64-encoded PDF payloads, XML DOM manipulation, and environment variable usage for file operations
Score
75
Reference
https://x.com/RedDrip7/status/2019243120131805198?s=20
Date
2026-02-05
Minimum Yara
4.0.0
Rule Hash
b350c72f10a13b7f67cb04fb03bfc357
Tags
['T1132_001', 'MAL', 'T1053_005']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/mal_access_accdr_dropper_feb26/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
0
Suspicious (< 10 engines)
5
Clean (0 engines)
13

Rule Matches

Timestamp
Positives
Total
Hash
VT
2026-05-12 07:35:28
1
60
95551fa9ee3cc0bb995d4eb87e97a3b43b17f56f96f94532a71cdb363fc2e929
2026-05-12 07:35:08
1
62
191f30a6472887884dadde2da73b9541f914a99d881e7f8b9575675198e32211
2026-04-29 12:50:43
1
62
5bbfc8583410300bbaccbce00887a86fbf1784785eea01411777cf674d7ef97d
2026-04-24 23:26:44
0
62
c6cf34f2ea6f1aa93703558f35897ad625ed506d29a0c9ae70f9c5691449c625
2026-04-24 19:47:16
0
62
fdd0b4f6550dd7be13cb46ec0e09090476b601670720c4e30f01b3bf17c6abe0
2026-04-21 06:15:17
0
63
0558b0376ea18c9870bd24cc8ee5d4f289e8d6f7a3b7364bfb2c5076654ee6a6
2026-04-06 18:53:07
1
63
d1e28a7f68b7c863aa4cf5fdcbd7db82192cf2b991a68827aad3c1f3fd6bbaca
2026-03-31 09:42:57
0
60
85fae6eb3d173274e59293d31d48c119608682862390f70d58b9ad7465dcbc1e
2026-03-31 09:32:05
0
62
563fd6ff3f767d8120731803aeec9e5f5fc3a26a48567ac57d95493ca18133ee
2026-03-30 15:36:54
0
62
a8a19ec2dce11d41e5fdf39949fd7c3382f55e202cfa441f3187d4092a6279c2
2026-03-25 12:00:04
0
63
988802fde751701b93e8d67c2abc0cddc0aa523bc8a633f457b01e092e9da221
2026-03-24 12:52:55
0
63
b793c39e3c9e06a310968ba18e73f0853b4e651bbc4bd8d82b6062c46b5c9dea
2026-03-24 09:45:24
0
63
359200a112936939f8b324bee7edc943e97cbf0677c8478bfa20b5b333a47663
2026-03-14 17:55:26
0
63
28b586cf4f84eeb6ced3e5b40451e0075b6b0250ab7936a1147f6858b217fae1
2026-03-14 17:40:14
0
62
6d92924ff3a1de18fe715c2e7432ee3db912696135f78b7627440ace6f94ecfa
2026-03-14 17:39:44
0
63
d597c488b73cde0938b464f93ed9eebf24e1ac4a885b1f41a8875aeb9272b664
2026-03-05 11:45:04
0
63
03d13193db718dd84b52b4b4025662707df264e5da04b52f6e71e3896c5ef974
2026-02-25 06:30:34
2
63
941011523ce613d6729e83febc1de7d3f907e116a29257f24610133e0a83d2a9

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022