SUSP_PUA_Outlook_Redemtpion_Mar23_1

Rule Info

Name: SUSP_PUA_Outlook_Redemtpion_Mar23_1
Author: Florian Roth
Description: Detects redemption tool for Outlook mailboxes, which could be an unwanted program
Score: 60
Date: 2023-03-15
Minimum Yara: 1.7
Rule Hash: cf5848d99f1bec3ca24967f79690861c
Tags: ['EXE', 'FILE', 'SUSP']
Required Modules: []

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 0
Suspicious (< 10 engines): 28
Clean (0 engines): 18

Rule Matches


Rule Matches per Month (last 24 months)