MAL_DLL_Stealer_Nov23

Rule Info

Name: MAL_DLL_Stealer_Nov23
Author: X__Junior
Description: Detects a DLL that steals authentication credentials - was seen being used by LockBit 3.0 affiliates exploiting CVE-2023-4966
Score: 80
Date: 2023-11-23
Minimum Yara: 1.7
Rule Hash: f63626023dc11fe757bb483146381713
Tags: ['FILE', 'RANSOM', 'DEMO', 'EXE', 'MAL', 'CVE_2023_4966']
Required Modules: []

Antivirus Verdicts

Rating | Number of Samples
Malicious (>= 10 engines) | 1
Suspicious (< 10 engines) | 0
Clean (0 engines) | 0

Rule Matches

Timestamp | Positives | Total | Hash
2023-11-30 02:22:52 | 44 | 71 | 17a27b1759f10d1f6f1f51a11c0efea550e2075c2c394259af4d3f855bbcc994

Rule Matches per Month (last 24 months)