SUSP_OBFUSC_Ampersand_Excel_Jun22_2

Rule Info

Name: SUSP_OBFUSC_Ampersand_Excel_Jun22_2
Author: Paul Hager
Description: Detects obfuscation technique inside excel files
Score: 60
Reference: Internal Research
Date: 2022-06-22
Minimum Yara: 1.7
Rule Hash: 234ef15b61320589d48824fb7cdb8e01
Tags: ['OFFICE', 'T1027', 'SUSP', 'FILE', 'OBFUS']
Required Modules: []

Antivirus Verdicts

Rating | Number of Samples
Malicious (>= 10 engines) | 10
Suspicious (< 10 engines) | 12
Clean (0 engines) | 4

Rule Matches


Rule Matches per Month (last 24 months)