SUSP_Encoded_Env_Public_Jun22

Rule Info

Name: SUSP_Encoded_Env_Public_Jun22
Author: Florian Roth
Description: Detects encoded versions of the environment variable public
Score: 70
Reference: Internal Research - Permutator
Date: 2022-06-10
Modified: 2022-09-17
Minimum Yara: 1.7
Rule Hash: 6119f32809e60b006fea063f76288a64
Tags: ['SCRIPT', 'T1027', 'SUSP']
Required Modules: []

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 43
Suspicious (< 10 engines): 10
Clean (0 engines): 10

Rule Matches


Rule Matches per Month (last 24 months)