SUSP_PUA_Outlook_Redemtpion_Mar23_1

Rule Info

Name
SUSP_PUA_Outlook_Redemtpion_Mar23_1
Author
Florian Roth
Description
Detects redemption tool for Outlook mailboxes, which could be an unwanted program
Score
60
Reference
https://www.dimastr.com/redemption/home.htm
Date
2023-03-15
Minimum Yara
1.7
Rule Hash
cf5848d99f1bec3ca24967f79690861c
Tags
['FILE', 'SUSP', 'EXE']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/susp_pua_outlook_redemtpion_mar23_1/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
0
Suspicious (< 10 engines)
52
Clean (0 engines)
24

Rule Matches

Timestamp
Positives
Total
Hash
VT
2025-04-11 01:59:03
1
73
e8d6776ffca5085c985c848913b1cb3920021947e274d4c69a7ba7275e5cfcef
2025-03-24 01:26:36
0
73
4ce05162f5f6453e8590a6ad47431015ec459ef9c1bbfd995adc62c09d32dc56
2025-03-09 02:22:17
2
72
89c3e6bcf2c3d35052d253c88ad6dfed067f8298b105b71d800e571cad621a1e
2025-03-02 20:15:06
0
73
dca6e1bb79df2c0b11baf8382d47ac9108242e7ee03d886536320ed76640f881
2025-02-28 00:39:57
1
73
3749019af5287ed4aaf97a99c5a508736210a2b4082217b594c15af0f36bef75
2025-02-26 00:54:53
1
73
3bc63bf7fd62320f8899fb3467b481c5b072347b5938a08dd03411e6427b90ea
2025-02-25 01:06:19
0
73
848e5814b1750bf8fccd05f95e58d20aeef4484910e2b12133fd8bea33922ac3
2025-02-17 03:25:22
1
73
d61ac1e9cd0f61b2a5a12ea1eeefd4a219eca6b5d687b08905aacf9fc2432c7f
2025-02-13 01:05:45
1
72
a408de32fc1411c169d8b3276b732789139e21011841d3faddaeee2300763989
2025-02-08 04:58:11
1
70
dc748042f80f6b1289885452d2cdb7451a73d50438854e245385b45656afacae
2025-02-07 00:49:15
1
69
e7bc907a9ddc72159f7a0da63f03d02721f828e112c4efbb33cde477f2ded5b7
2025-02-05 00:57:51
0
70
bdc6b5edab506885445b1905a994a281ff3cb4aee8c7f79bc357c0cf3aa2b6e9
2025-02-03 05:58:37
1
72
baf55da637fc88d5fc27d6a84acae7a3812a09e594b60fafcc710db7ace1760b
2025-02-03 01:20:26
0
71
6c69e8d7e0371cc18e44723ecfdfc0becd5e290388599c6dce88c73d644013d5
2025-01-29 14:02:01
1
72
f408069228e7311e502d9a1ef5e25a2f7694ddfe79d8d26e42ee717fa81fdfd5
2025-01-26 09:43:33
1
72
9e5ddc84132d35042e5650287ce0249ad2d6fc5ab2affc4a0d04df882c252261
2025-01-22 01:09:38
0
71
7e9200b0339e509c7f8cf8b95792738d59819a019581be9a5886035e5e1e71d3
2025-01-16 01:00:34
2
71
49d4a373910e804ece9d447e05340df081a3b433933759854591e3071d95e7d5
2024-12-24 16:28:52
1
72
1f57b1111a54229eaf8b65e985fa7bec05ed2be5b1a953215dbcadb6a21b6dda
2024-12-21 01:16:27
2
72
bd42096dd33bfcfda2c9afd6bf3d70f643b6a5ac26605c1006a0593bd2f73528
2024-12-18 10:16:45
1
70
e640307f959d28817e58282e48cb50cf19d5e6b25e2c0b33be2f9349d6f2307f
2024-12-03 01:08:55
1
72
668a02964495933287e53615780139ac621e6bf714876bcbbac18d78df62a1fb
2024-11-24 07:51:52
1
70
4049af896eb5198b01353e771b97d62d00f612617c57c384ad21a543aee32bbb
2024-11-20 07:31:14
2
73
cd48193380b98f188d7469371fdc2a85202f192270884bd542f9af93ef1ed018
2024-11-17 01:45:09
2
73
5d683bf551c809a27566db1c449d25ed58b6c88f643f35175474220bc3cc2835
2024-11-17 00:59:39
2
73
bb454da733bfbdb156d5ca5cd0ba8460842e7008a2aa5d0f6e582eb38075308b
2024-11-16 00:59:42
2
71
ca5934d6e912b7910d774d58cf8a51218a5f5b6a4f3b4f94d721ef554565e142
2024-11-05 01:06:45
2
71
cbef37f943f7693e14a74af270d2c221ff0d891dd9e9fef200e882c957875a21
2024-11-05 00:51:15
2
71
039f998838df4f61b5aa451ef1ba59590859f3274c598c5e92abe8d264d688ca
2024-05-15 05:08:12
2
68
96a1c11f168c0892dde41331f08181d2ae96f77e9f6fd2cd023850eb982eaa9c
2024-04-10 19:06:23
0
71
d40653a1224d04d2e530b0ceec67d8e86bfd44941478a70f2908425b944d8dbf
2024-03-25 03:19:16
1
70
abdf43491095c4871e6389b7afdce2478a74d725b390d8aa1632b469f5a8927d
2024-02-25 08:05:49
3
71
cbc572e203226d082f7e4f32ed5a8eebf4ad28228cb05e9ae44e99de88fe919e
2024-02-25 08:03:07
3
70
d6b75587ae33381595968487afc63068bb514e651d9f00161d0df36fcfeab455
2024-02-25 07:11:55
1
42
01b049b8653585d3cc5f5ed2aed41bf50c5a2ca90654d135334bc1579b054274
2024-02-22 20:06:29
2
70
d1061e44d7719280dc69eb3bcf7f7ea53f6821680c4dd25e17f529e483d219d2
2024-02-17 08:00:48
2
71
f1dbc56f99922fc800c6d635f02a65e6ad08b32dfb38c05a8f94d409375e28ce
2024-02-12 18:01:21
0
40
c6c24735593eae166cf993fe67dbdcaf29dd47e0365b6387f358e950a4cb5971
2024-02-03 17:26:21
2
70
9de01410f0866906dde9e3de5845184ba096052b0de27083a1baa6a7133174cf
2024-02-03 08:03:05
2
71
be6cbc3a5d9ce3378c58ad2628b3f44b4364eadd566b7cf49b4361c12b1facc3
2024-01-29 11:34:28
2
70
3ef9d721a26a4e22da0b29223e1f29fffb9ace5b178736460fcf792de92c6844
2024-01-22 03:01:20
1
67
95334a98aa851e28e756aeaea80e8fb452b8475dbddfbd9383618cf5a1aef0d1
2024-01-18 20:11:19
0
68
6dda24c5ee6d11af925087e254a245005b88fb66f05e3ea3520bee50d9249c8f
2024-01-16 11:01:48
0
68
904a2eb2d723948e372e5d1e3fa3022a8be8f21ac9b4bd5ab6dc44f2489b3875
2023-12-24 12:56:57
0
72
f89e4a8cf40b842814bb0d1c71d0255144d93ed7b1048726fb3703d9239eb6ae
2023-12-19 06:32:28
0
70
45f006d4f6a2d756c32533e35c0b404860f718315e57562ff5dfe76c65cd37b2
2023-11-18 09:54:33
0
71
96a8da11a58f346902599222fd909f3d71389e1d9c9829f75c1d6ee8c2209a7c
2023-11-12 01:08:54
0
70
4c41daa15963b4b59d0f5eaf614523b80e8f014b77d75297c960b8a1ffdb00b1
2023-09-29 02:14:06
0
70
077484c8fc9baa9a6ca85485ea17411a8fe298223f771ac38fce159d5a80a30e
2023-09-14 03:09:42
3
66
a85958739976481dfdb2cd4246399f39ffa95eda70d89f5a103ecc640838549a
2023-09-03 18:01:50
2
65
9b486de814c665be0698f6678a365f6457fbe845ca5b0d82ace53c3284fb5de4
2023-06-02 15:13:28
0
70
d19d1ca9fab026d64d6609f93eb0044ae9079e1e0d3df54529caa4cd8d389707
2023-05-22 07:16:28
0
45
7f4b035b5e09162d35c508b02421cdf46179be440d95ad00bd16a56222362864
2023-04-24 17:11:26
0
69
85f788469f90c69b0b0cdd272d1f19575c98e703e315afd8befb30a3a1a9c688
2023-04-20 18:14:30
0
70
b656ab8d8bd30c974a7d2e34a854649714d3d5c645f0406a14abdcc871e3a9e6
2023-04-14 03:07:02
2
69
01040b64b9a11566b7f00d7c6caf8c0ee76af5dafd7812ae099a9d5dcd43e1bb
2023-04-14 02:09:50
1
69
00efe3732747a97ab833286a1124c300d29fb555c6ecd1c65f7db9b60b8a8ee5
2023-03-25 21:30:57
0
67
3de5ae6b73ee8b722eff8579c4607d102729b287e4b9127887d6adce88e4a273
2023-03-25 18:52:33
1
43
f6d81861c156251ec1683d2c963b0121e1504e338a41a713283902406c6232b0
2023-03-25 18:39:49
1
63
794d50cc71bcc4bebfcc8bafa6a13e41af9952441ee83c5628ccdf9a545e6874
2023-03-25 17:52:54
1
50
7b5091bf67836e0c23fa8f99e28a96eaad10bb18e82bb607a4c9b80c50676f67
2023-03-25 15:07:27
0
69
ff1cc76ef71c3bd99f2d28b88b599d5c652c951d2e66e15d750266a0643dc6d3
2023-03-25 14:21:30
1
59
6081a178becc19954d614e03176ef0411a0de54284c1f514bdd1a503d4311227
2023-03-25 13:59:46
1
69
ff3668e10cfe629026c970b5cb2aaad249aa0d7031ccbcb0539b8ddb826b6fe5
2023-03-25 13:20:36
0
44
f1c88a3c9ac1bfaa67d7e22e4d6024aa146a1b7df95b75a08bd831d2efa04b64
2023-03-25 11:43:18
1
50
88d999801fb78af0aafca7635636d248832e05f595bc89a65ff037fa326c89b5
2023-03-25 09:45:21
1
68
b89dbab676bbd9efca98b6106ad688846b7552871d7d6e62c71f6b51ad68c827
2023-03-21 08:13:03
2
69
50eabd3813dce0bc5f9492e282d4add966f68ea76b2f2be78a54f8a726ee9a1d
2023-03-19 11:50:12
3
68
0a553b63e61e18a19d9c17274a5c859ac98c4699231c2d85d037a6c4ce07da6a
2023-03-19 10:26:51
4
69
7f01291227c0d6a073fa26a3bf401a53d9b86524520749648766413b2133feb0
2023-03-19 09:21:04
2
69
9a6ab1078e49514d5d6940aafe1422c1d42ec37477992592cdabad4108971aa1
2023-03-19 06:39:32
3
68
59b7d3ff2215e52749235a3d0b25b91538df2d0bef3907b30d08660486dbc623
2023-03-18 19:07:36
0
69
295e55f6cf2c2fab42fd517b90959257fd92a174aaf2100dc34be5734eb128d3
2023-03-18 13:35:42
1
67
908618183818ab10139866a3e740c8c204d0c9a7b355c54d3576cb839a00e1be
2023-03-18 11:38:06
0
69
a737fb0e476c8bdd4d793a6bd1de9eccb99a6483e723f63a8d4b17508ec824e1
2023-03-17 07:42:14
2
68
d2b6729871dc66757a2e0322391298315230a9908168c5418bfe981ba451b46b

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022