SUSP_OBFUSC_BAT_Mar23_1

Rule Info

Tags: ['SUSP', 'T1027', 'SCRIPT', 'OBFUS']
Description: Detects signs of obfuscation found in Windows Batch files
Required Modules: []
Date: 2023-03-04
Score: 70
Author: Florian Roth
Name: SUSP_OBFUSC_BAT_Mar23_1
Rule Hash: 726c6b3886798420a5197f14a6ab1ea4
Minimum Yara: 1.7

Antivirus Verdicts

Rating | Number of Samples
Malicious (>= 10 engines) | 3
Suspicious (< 10 engines) | 15
Clean (0 engines) | 40

Rule Matches

Total | Positives | Timestamp | Hash | VT

Rule Matches per Month (last 24 months)