SUSP_BAT_Defender_Exclusion_Path

Rule Info

Tags: SUSP, T1132
Name: SUSP_BAT_Defender_Exclusion_Path
Minimum Yara: 1.7
Rule Hash: 1a978846c77ddfc9aa23bc27ef30cd36
AV Ratio: 8.29
Score: 60
Author: Florian Roth
Date: 2020-12-03
Description: Detects suspicious Base64 encoded domain ip-api.com/json
Required Modules: none
Reference: Internal Research

Antivirus Verdicts

Rating (number of samples):
Malicious (>= 10 engines): 9
Suspicious (< 10 engines): 21
Clean (0 engines): 14

Rule Matches


Rule Matches per Month (last 24 months)