MAL_MSIL_NET_DuckTail_Stealer_Loader_Jun23

Rule Info

Name
MAL_MSIL_NET_DuckTail_Stealer_Loader_Jun23
Author
dr4k0nia
Description
Detects DuckTail stealer .NET loader
Score
80
Reference
https://blog.cyble.com/2023/05/17/ducktail-malware-focuses-on-targeting-hr-and-marketing-professionals/
Date
2023-06-16
Modified
2026-02-10
Minimum Yara
3.5.0
Rule Hash
4bfa8d3bae06b77da8133be739f126c6
Tags
['FILE', 'MAL', 'EXE']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/mal_msil_net_ducktail_stealer_loader_jun23/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
4
Suspicious (< 10 engines)
0
Clean (0 engines)
0

Rule Matches

Timestamp
Positives
Total
Hash
VT
2026-05-26 07:58:49
31
69
1f56331a8db0d7e2761c2e7fbac9bdf4df9c3cd9815a8016e58e92f0acad33a1
2026-05-23 09:23:34
15
72
579cd11dccdd3edc077e75d8d386659bf0bd0a9ebba58572078178cda7b6a238
2026-05-09 00:36:24
32
68
cc5483d21c84ac73c410194205b529d6190b322b8da49577ee36ae9d8878c0c3
2026-03-24 19:58:25
18
72
6dd451a2ff5f3b6fcab700d94483bac2c358ebad038aa37da3bc64660a5a090d

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022