SUSP_CryptoCoin_Miner_Keywords_Dec21_1

Rule Info

Description
Detects keywords often found in cryptocoin miners
Reference
Internal Research
Tags
['SUSP']
Date
2021-12-23
Required Modules
[]
Rule Hash
f78d0ce1da961a2a1559cfca5d7d8f13
Score
65
Av Ratio
9.52
Name
SUSP_CryptoCoin_Miner_Keywords_Dec21_1
Author
Florian Roth
Minimum Yara
1.7
Virustotal Matches
https://www.virustotal.com/gui/search/susp_cryptocoin_miner_keywords_dec21_1/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
5
Suspicious (< 10 engines)
23
Clean (0 engines)
5

Rule Matches

Total
Timestamp
Hash
Positives
VT
58
2022-05-17 05:35:19
07cd68e1b5a74366859b50e750dad73d06347f390306b8d78577b7471b40cdb2
0
58
2022-05-04 13:48:44
4eaf5dcc9fbf9c50cec3a704bdee3a18205860cfc87001d3425ad620ec870fe7
4
58
2022-04-21 01:37:18
522e36448393266aa5fbb1a6b9e8c0a635ed4819d3a98dcc4fa38709fd546eb1
8
57
2022-04-18 19:09:36
273110afa656ff2fb8926ad9bec42977ad606fc81e06afccc0e3b132092e4082
2
58
2022-04-15 16:23:14
e0a09abe150bd548d7830df257e50027c79fcef7bd6d92c4220f48bb4c9cc942
0
56
2022-04-04 18:39:58
c8a5a8a7f4204fcf6ff6b75f62443e3aa0ebbcbb86b7a3642da2270c03c129f9
0
57
2022-04-04 12:41:22
57375e5d331ed567ca2da98b126ac585ff7829d15c31ad98eb452339e3ba1d05
24
55
2022-04-02 01:21:38
2ac20bab747310cbece0c08984a060debacd57ec86c82679e8e31767306e0fea
0
55
2022-03-18 07:47:04
7ba723d34af2fec8f648720ac5292b0bfaa09e2594f9ae80314b7fc6e4761f5b
0
58
2022-03-03 10:09:46
451a4cbb6b931d8bb8392f08e7c9ec517b1b1ef06f42e1c8105e4feaafd6b157
14
59
2022-03-01 17:10:44
7bb1bd97dc93f0acf22eff6a5cbd9be685d18c8dbc982a24219928159c916c69
27
58
2022-02-26 13:54:08
128d243c250f66315ce8163f42cd08fd9b2877685e9bcc85992f6e222c48e7aa
2
56
2022-02-26 01:24:25
69db3286b4570897e6ca734770592e1cb21f9903bc757208e075b7c51d8c1524
9
47
2022-02-24 17:10:42
a2ceeff0677483f652f8cf15973a32f3ddf8205b3b5adabdcb9823878c57d76f
11
48
2022-02-18 14:47:59
e12b077128172666350096b49c9927fc4ca57b5cf2481735530e493dbe0421b4
2
58
2022-02-08 19:32:28
52731ca0e3f9052efb9b80cabd6b4b740689f478cd5fb726e2a9f3d22c171f43
3
52
2022-02-06 19:22:35
2dcd4fcb8737f529f46180493396959da1366eafae2b45e783638a9b156f63cb
9
51
2022-02-04 00:13:38
d4fc394b858df73e85c1531ebe0133c8a62f70a6adea8855238c0c9bf9fc5144
11
56
2022-02-02 14:38:43
53065ede36c92d480831ce1066f16a8c47a0d2d4a768a2ef352a1a1c03cd1f9d
4
58
2022-01-31 11:45:07
200712bbfa16417ab61f8fadff511244ccb1b1e8898809aaf3c74c16f536dbbf
4
56
2022-01-21 21:31:32
9e3f065ac23a99a11037259a871f7166ae381a25eb3f724dcb034225a188536d
4
55
2022-01-18 19:06:31
547b4e7f04da01c5398c08752b171ab636d798d5796eaca112d0d97065bbe8ee
1
55
2022-01-18 14:29:15
3960b85409025f355ca73bbd1ac9b6a370aa5d642e608cb26f8a95bf62d34eb5
1
56
2022-01-18 13:59:44
43c88ec35994491143034dedddd96471c8572240acc75171d6be05860579d64f
1
55
2022-01-18 12:19:36
3ce059e3a1a046c609ae51ee8d33fd30ab26ac50d2e5919849392c0f39f008f1
4
56
2022-01-18 10:59:33
ccf3e3f7a5d053b301ea9079c1e42545168cd71d1608bb8f1a92ef242b1b3274
3
58
2022-01-18 10:59:32
a93223e2c669c4c6548d63d9e73518112da036b85da49dfc0764c2c99ae0f04a
4
57
2022-01-17 17:01:44
f724d1cb7aaddac263a4c524c090987dbd25bf40aa84c5db70c736ff6fd64612
3
57
2022-01-16 21:24:23
abf1d09e0d9b2e09f63f5991f5226b046e9d72bf8b769992bec2e61844b14ba5
4
57
2022-01-16 15:20:35
82887017109dce26f5a1196a4a8a6b131d58670151466dc01db6685b84cd0b30
7
56
2022-01-15 16:03:54
bc25adab6e5a0d5a95ec0c1d4ef513830359cc6bb6df47591fec46cbdfb1fafe
2
56
2022-01-14 22:31:09
1e2a5e21f3024cdb11ed27bfc17cd692d572efd27d95aecdea494381656e8317
5
57
2022-01-13 23:44:57
df48d38df4be5bc64fc74964aff13f5242150fa05bea6b1b4a1510f0d87a68d2
2

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2020