SUPS_PS1_Encryption_Jan22_2

Rule Info

Name: SUPS_PS1_Encryption_Jan22_2
Description: Detects suspicious indicators found in malicious scripts that use encryption
Date: 2022-01-21
Score: 60
Tags: ['SCRIPT', 'SUSP', 'T1086', 'T1059_001']
Minimum Yara: 1.7
Author: Florian Roth
Av Ratio: 10.3
Rule Hash: 2f2c04de51eb95340514e7d84f9014ed
Reference: Internal Research
Required Modules: []

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 15
Suspicious (< 10 engines): 29
Clean (0 engines): 14

Rule Matches


Rule Matches per Month (last 24 months)