SUSP_JS_Bitsadmin_Loader_May21_1

Rule Info

Tags: ['T1197', 'SUSP']
Name: SUSP_JS_Bitsadmin_Loader_May21_1
Minimum Yara: 1.7
Rule Hash: 0579d7c518f1fecf8e0b6f7148f50c97
Av Ratio: 13.81
Score: 70
Author: Florian Roth
Date: 2021-05-31
Description: Detects HTA loaders
Required Modules: []
Reference: Internal Research

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 4
Suspicious (< 10 engines): 25
Clean (0 engines): 0

Rule Matches


Rule Matches per Month (last 24 months)