MAL_MSIL_NET_DuckTail_Stealer_Loader

Rule Info

Name: MAL_MSIL_NET_DuckTail_Stealer_Loader
Author: dr4k0nia
Description: Detects DuckTail stealer .NET loader
Score: 80
Date: 2023-06-16
Minimum Yara: 1.7
Rule Hash: 4bfa8d3bae06b77da8133be739f126c6
Tags: ['FILE', 'EXE', 'MAL']
Required Modules: []

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 54
Suspicious (< 10 engines): 11
Clean (0 engines): 2

Rule Matches


Rule Matches per Month (last 24 months)