MAL_MalDoc_Qbot_Apr21_1

Rule Info

Name: MAL_MalDoc_Qbot_Apr21_1
Author: Florian Roth
Description: Detects Maldocs used in QakBot campaign
Score: 75
Date: 2021-04-16
Minimum Yara: 1.7
Rule Hash: a87711abc591326758b2e1007fca4f5f
Tags: ['MAL', 'QAKBOT', 'FILE']
Required Modules: []

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 13
Suspicious (< 10 engines): 23
Clean (0 engines): 0

Rule Matches


Rule Matches per Month (last 24 months)