SUSP_Encrypted_ZIP_Suspicious_Contents_Jul23_1_File

Rule Info

Name: SUSP_Encrypted_ZIP_Suspicious_Contents_Jul23_1_File
Author: Florian Roth
Description: Detects encrypted ZIP files with suspicious contents
Score: 60
Date: 2023-07-18
Minimum Yara: 1.7
Rule Hash: 6d5b6bf315d76c53ed587e4c93c02b5d
Tags: ['FILE', 'SUSP']
Required Modules: []

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 1
Suspicious (< 10 engines): 18
Clean (0 engines): 36

Rule Matches


Rule Matches per Month (last 24 months)