SUSP_Dropper_Indicator_Jan23

Rule Info

Name: SUSP_Dropper_Indicator_Jan23
Author: Paul Hager
Description: Detects indicators for malicious dropper functionality
Score: 75
Date: 2023-01-02
Minimum Yara: 1.7
Rule Hash: d2f28b6a233f580bd4bed853b146d07a
Tags: ['EXE', 'FILE', 'SUSP']
Required Modules: []

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 13
Suspicious (< 10 engines): 26
Clean (0 engines): 4

Rule Matches


Rule Matches per Month (last 24 months)