SUSP_OBFUSC_BAT_Mar23_1

Rule Info

Name
SUSP_OBFUSC_BAT_Mar23_1
Author
Florian Roth
Description
Detects signs of obfuscation found in Windows Batch files
Score
70
Reference
https://twitter.com/malwrhunterteam/status/1631310204947111937?s=20
Date
2023-03-04
Minimum Yara
1.7
Rule Hash
726c6b3886798420a5197f14a6ab1ea4
Tags
['OBFUS', 'T1027', 'SCRIPT', 'SUSP']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/susp_obfusc_bat_mar23_1/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
6
Suspicious (< 10 engines)
30
Clean (0 engines)
47

Rule Matches

Timestamp
Positives
Total
Hash
VT
2023-10-23 21:33:03
3
60
568b6c40e0705a65bce76af0020fe82696fb715be1e98a580ff9a92259fdb4e3
2023-08-16 07:05:55
2
59
1128e1141b4937444c0513841e0223a3be1f64a3e94a7d52d822f21445ee62fa
2023-08-03 20:22:34
5
59
3b96d6048a9669173c923ea934314987d083ee30c00eb4c30334f85ceecc36da
2023-07-05 09:03:11
1
59
095e0d3d8be702ee2ebc118e025bc2fc697a44e8d0af39a430ce89ce8d123a61
2023-07-05 09:02:46
1
59
ad8fac332dae0290143d385ef39596fb825597d7f7e36ead8db5f369e19a2ab0
2023-06-29 00:17:11
14
59
016470bf30a6ea9eaf2eb8b21ec6c2b17c4cdc5f96e3f0dfa8e22ab4a157e859
2023-06-28 14:33:26
1
58
5ea5161581c23a6f584820f365e632bf202becf3ef0402d5b4c06d3f2b350b21
2023-06-24 11:32:16
1
58
a0c7cad97adcf40199578912fb7bb3ae02960946f7a8f590a52ce6dea4c3531c
2023-05-31 15:04:04
4
54
86b2c80e93f0fed3510d742741ea9fdabcce68b107e49f2bc916b18aeb16ee41
2023-04-29 10:08:55
2
59
5b00e628dccfac4fed3f80fd2cc91abbaf86bfc0d8dd55d4ea7494e9b8402d5c
2023-04-19 19:07:38
3
59
23f45fe1261dd687ee376dc36555a98b72ab76c70a330d8bd33e2bfa1d41aeb1
2023-04-17 15:10:36
1
59
c84b51d457389c7e5789298d2ddbdc7bcd2cdce043d185c8f269a24ee283457e
2023-04-11 23:07:15
2
59
20ae3545bdb2c21aa5d8ec6f810073ffd6cf3b3fdf72dc198578d623ebab96de
2023-04-11 23:06:08
2
59
f01e82a5ebb0dbd13940ca54b9ac6f2a242530db127d41c3b5fbc805069c8ddc
2023-04-09 06:16:30
13
59
8d3e6e6454d7cd35d0dd301bcc10421b187b4e80335417bbc62170945d95aeff
2023-04-07 13:12:52
0
59
1ea75df03ebcd8d4d567fb7b97fc0ddec016f40570791bc70d37662822f85687
2023-04-06 17:11:18
0
59
f4d8e5ce60ad351c369579454d1046d06ab7492302a9666c4b9d34ac859c2b3c
2023-04-05 13:06:20
0
59
e946d09e092f377dfb17acf5b1e34497c5ee8ab03289b6cbc2c679e8f19a4d07
2023-04-05 10:10:22
0
59
fe598891e3464970eba4ac5406f5b7a686ed01e1409636ed691c2dc2fcb4bfe1
2023-04-04 12:06:43
10
58
be78a8d046460a89003008c9aa66e4aec4a123e6f75206f494067af7d41e777d
2023-04-03 20:07:10
0
59
4a7a652d9b52ed26a32f2d78fbe7e71b88fff5dbb8f74f879bc36878e8b18a31
2023-04-02 15:04:06
2
59
4cb43fd9852e263819a24d1f6627422fe0f1a34c291181348012c223f1b7fd7d
2023-04-01 14:30:10
0
59
741bf4bab43305ae3149ca2deebb65787478b25297b4b0bc81248f269a084e7e
2023-03-31 03:41:40
0
59
94edbd70478ba2c86496dad0f0e8caf725b69d96cbe202babc3fb2754a4f9ac3
2023-03-30 10:55:35
2
59
157b25b627f206d8a0931f234ddb966b2f6da10eabeb6917926680943489e0f5
2023-03-28 14:19:51
0
58
356db138221299df80ba98a895bc25ead361513940281ee41e147e9402e79c3c
2023-03-27 18:06:37
1
58
37497d6e419fbd97a1fe600bc14c55b6b57cd27702aa2d7b8959b82932c61530
2023-03-27 11:17:35
1
55
2e5325c0bad5dc2beec825ad8dbec6bf2b189ca07b48de6afa8bb51ee417567a
2023-03-27 09:58:43
0
58
d998c5c571c672bf7f0fcbb5f2bc0faab7314bf8a5e49b48d240c8e119e2a089
2023-03-26 20:07:27
1
59
eba9a9bf3962248325f4cce792cf4325b2927d64e889dbe79107b5d2f8b0460e
2023-03-26 18:51:20
0
59
800cee019cdcc9bd60835c0728738f489383e11cf90db7722783841f6d0104b7
2023-03-26 12:44:31
0
59
15ae9550896d011d8421a65c3f0ab0e84a2398fbe3a59e9e0e0cec0b826ef1be
2023-03-26 04:14:52
2
59
4625979c00fcf72c5631e2a31da5691343f83279aa9ac66df43f0155de9369e0
2023-03-25 14:30:45
6
58
857217b72741e90dac37cfc2069753957841c31b224e6cd755c07833aa14dbe1
2023-03-24 12:21:59
4
58
deeb37b7fee09796c54d839bfd3d8b372925f5efbab505cf21895f6f4206ed4f
2023-03-24 05:11:58
1
59
17fbe04f41d80d15ac5418cbe580e516a157aa0ce02495660feb653f658b43b8
2023-03-24 03:38:39
0
58
2ba1afb3660f5f3be924512c05b81e1930b341e602f5ef7e830fc39490a369f0
2023-03-23 05:24:33
1
59
9f172f87837fc66a6acdaa0fc1f096dcebf6f7528aa0e5f0eae667963b352c46
2023-03-22 19:06:12
0
59
a5a2d1ba838e3fd4586b1fddfdfbdba22bc396cb3e296aa16f7b7869fcb26f1f
2023-03-22 14:12:24
0
59
f590b5d9c60f27f88ee136632a4b34d037ff271dc55275b4cff859bd48eb06f2
2023-03-22 01:18:52
10
59
207395ab12bd63f0d35d0f72dce41df093ffe6b836d01ecf9251686ba5b00dcb
2023-03-21 18:24:52
0
59
f5080433ab2cabc9368cbd5c0ba3e1e32011996089c553baca07fab4d4592ec9
2023-03-21 17:07:34
0
59
d84f02d8ae6845530cdec72fbf52522e41e88208ccf0cae7980a7adeba45a3f2
2023-03-21 09:43:03
0
59
f838ec5a4b277133a578605e8bdd0be7fbeb6d97f4d2b7cddddeaf947327a02b
2023-03-21 02:12:27
0
58
4097fbff2b94d6d1f3b30cee2f48b4a396ac5a849727d1ad1ca90e7403c3b2e1
2023-03-20 00:37:27
0
59
75de85c1b9f9f791e7a4b52b9e2c8217e49da7dd7c6437f06788557fb7a19023
2023-03-19 18:10:27
2
59
1eb916938acc10501f35e2b219a135ab4abcae67c8f1d74c780637855ddc1bb2
2023-03-19 14:16:00
0
58
cb10fd5829593b0e065138c486562a951338a6a12ba648ee0882842476dd9ef3
2023-03-19 14:14:47
0
59
28f83180920039a1d8a75f5af70203f00e00024f60815f176f5132361ac61617
2023-03-18 15:36:44
0
59
25eee7134b0a824f90dc16fb4a0aa8ffb112e279dab8a6d6514529b86f218266
2023-03-18 12:23:50
0
59
44e49eadd81b21a0ffc86743f35533a61a1e79abc4c24cba85ebeaec22ca65fa
2023-03-18 08:00:56
0
58
8efde26b268a9264c0a216a6d9a6798161e103e88197920f17c7d10dcf7ce743
2023-03-17 18:07:52
0
59
5b6a53880694e45850c2415e6dd07271a34721981be64d5c52b1775604a25645
2023-03-17 11:46:29
2
59
88862a4a68ac9e34058c8ef0278c9fdb6bef7af46f8add55b7e663685b37bbee
2023-03-17 10:02:50
0
56
ac4814d2973c050b02eb2a64e7a1fcfc07afaa8950d39a6879f644ea2d0619ed
2023-03-17 09:24:15
0
59
1c5dd67885ad98ebeaff65870060710f4bf0e5294550e57517f03da58b651db4
2023-03-16 22:46:00
0
59
a6c60a56a0aad962c30c202b53aa673cc3e827d0da19f30894b43bcac9f2d72b
2023-03-16 22:19:47
0
58
4e1c90da60e3f6e10a80c030507290b4998c84c2ab6dc5da24d00a274ef98ffa
2023-03-16 21:39:24
0
59
7cbfaf9a1b74d911458fda5934057080bb2b5a78b8f729ecfff4bca1667cb0cd
2023-03-16 20:07:48
0
45
5e9cbd27fac4b686cddd43c6960ca1b831bba517d49d93b0f31f8ee41e7ec46f
2023-03-16 17:37:06
0
58
4ebb1aa7b11e48f69c0f52df232ed8b1a1b0daee9732abdc1248014c7c14fd12
2023-03-16 15:46:54
0
59
a5ea42c06e3f00ab669d91554323f06aad0c34f49914fcdc27c8b8b5ec71b4bb
2023-03-15 08:45:09
0
58
7602ab2e29de90c907ddfcb4231c71facade43c937b80164b8ab456603d2e9f5
2023-03-15 02:49:59
0
58
679d060de2e1b000a0111249a4791ba94183915f3e596d0b69a7301faea9f903
2023-03-14 22:54:18
0
59
1dce1a45b2a1b9eddcb4179d552f40bc8a189e5c6be8beb8e069a890dba779eb
2023-03-14 12:55:48
0
59
6f36d7d81c7e00f7de52729a75b763bb3f6821312340c6d11767d244f812f08d
2023-03-14 12:26:27
0
59
0e3b6f57432637bcc9ba3c6fe04bb004cf63796964a7258bf7067889117a684e
2023-03-14 12:12:33
19
67
02c618a4184fa1f5a644bb4e0d8a1d36829ce3efc6fccc5bb0e661f903b91ed8
2023-03-12 15:17:13
3
59
e2a727d71c26c9253b791771ca6ad37850e4ae526e5a76ae2a07ae99ef83615b
2023-03-12 03:07:41
22
69
2602bf7d58ca2444ab9a93bddb880947dc8b072ccd61f0d5f220c8688b0fbff5
2023-03-12 01:41:17
0
59
10fe19fd4ab2b407e6fa0016abcc55d932b6d655f09377ad985531ccbc85abc5
2023-03-09 15:21:57
0
59
1c0c09be4c107a01fae9e686cf52579e14f0ce1d6385932eaec574cadb75a26c
2023-03-09 10:59:25
0
58
04e46878fdf3316075656e073653a34ae8929d18f15888742530d94c87dfe91e
2023-03-09 10:56:03
4
62
d63a43ab32a476d041edc8f7149fbaf131595d6709fabbf8fc30cb3a7861e800
2023-03-09 08:53:18
0
58
94b8172659365417ced06bca0a5213547e6281daa42524a6cfe5a2fbf97facce
2023-03-09 05:07:08
0
59
c935b89c7aa02d758ed85ef7faa4d24ef0baebfe275d963fa962cf9c3e75315f
2023-03-09 04:07:38
0
58
3aabe65f773b8199ab3176be78bd4979e229e563a470cfb5a014f1023d17539b
2023-03-09 01:11:56
3
59
cb1e7498dcbe72083463d95b8479c4182c1d90adfc1fd4b03b200850247798ee
2023-03-07 22:01:12
1
59
b6048e1e9ce8420de7993baecda980cc9908ddc7e35a726efc92b2e66df14a1a
2023-03-07 18:16:53
0
50
4aaad488ce12168ead924658e97bb45b7462f2d7f2b6ed27a01028fb2e13adf3
2023-03-07 16:19:05
0
59
d19d4775494aaa5021696b01632945507d9790ef54247f80da754df88468fdc7
2023-03-07 03:48:19
3
58
802d435ec6ffa182410240de37ae812acd0adce2e995631942693890c55d0ac2
2023-03-06 20:10:24
0
58
c588b25e62abd7c7777cd06123aced9612f05e31b1e14405d9f6ed54a2d92ff6

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022