SUSP_Payload_Analysis_Jul20_4

Rule Info

Rule Hash: 388030f00e6ccd05e5778933c907b652
Score: 60
Tags: ['EXE', 'FILE', 'SUSP', 'T1136']
Reference: Internal Research - Payload Analysis
Name: SUSP_Payload_Analysis_Jul20_4
Date: 2020-07-16
Required Modules: []
Author: Florian Roth
Description: Detects payload indicators noticed in July 2020
Minimum Yara: 1.7
Av Ratio: 14.97

Antivirus Verdicts

Rating                      Number of Samples
Malicious (>= 10 engines)   15
Suspicious (< 10 engines)   38
Clean (0 engines)           1

Rule Matches

Hash                                                              Total  Timestamp            Positives
9964e3f9773baf5b812434267507dc1d863596bf40ff893fb16a7d3f11a0aa48  72     2020-08-04 12:12:45  28
9a01c6a7245839348f0048ee6077c7c73888b0e5326f7083b4da24061bbb4c24  72     2020-08-04 04:20:09  2
ba1b29ea3eb6a23d5ae0740b6beda3451fe053c6f3842b7cc4f16b7a87311758  72     2020-08-04 04:19:12  5
e0d564d71b28e51d7f4e7613a15638bb7febb0a88efc50e69ac2963a3b9070b6  73     2020-08-04 03:20:23  36
4666315038781f17c1d08118e99a24d4032425e77543170669d27506ba74c8e3  73     2020-08-03 20:19:51  0
012c2fc71c6980cf6c5afd4db97f027075fd306aa810f9be5b18378654a9e360  72     2020-08-02 16:02:49  3
a4d431fd40b1591737efda87683f8c3cabdbc98f8743b78dae4066c4044243f8  72     2020-08-02 16:01:59  3
9e7824170e8d619b0dcee0fe4e16bee9b2b2ea89381126c9c43fb9052ef49197  72     2020-08-02 15:58:46  3
52dce7835444f0f88f105e0c36bbb69bb8c030b6b86448a2a18c34b3295dad3a  71     2020-08-02 15:58:23  3
57b4e88da53ba5b00e58f3b643ff58dd4ba1b5a9684791d5d05bd7bb705e779f  72     2020-08-02 15:57:36  7
7818c76b713bdcdb105c22632b7c452180a8b95cde9314d6afcf55fc953701a4  69     2020-08-01 20:10:02  4
9467442334be7ab95aff5726592bdcb8ec7268c2d4c0df00934e18de4fa39e38  70     2020-08-01 20:07:21  4
51ee59b5982588cf2c4e33f67e1555c3de43ff2049f53fee640ba933628d111d  71     2020-08-01 08:38:52  3
b84a7f36de9243c0d44ba21f7dc2153cbb25c8834a3fbb9fda18e728896aae6a  70     2020-08-01 08:38:40  2
2be67fcf8fdd6d063f261401d965cbf664540e1ca8c74357cfa4ea79c6c5b622  70     2020-07-31 21:52:31  3
ea55f1e95c751ab29b8784cf982a740ad2d06aead85dffb8690c1122c823ef20  72     2020-07-31 21:50:26  4
5fe36faa93ba2c0d8cf9de43811b3e65b22f9830f723000af20f6db7b1662e47  70     2020-07-31 04:11:13  31
d9599a6389b4abc971b9e4bc3856eb06b4f28799677a662eeda604a38bb3306c  70     2020-07-30 20:49:59  17
d69cfc32647a8dc8f9c7c0642fe0de790d2a58ee8bfc4400c1f8c546ee6f82b4  70     2020-07-30 20:35:10  16
4986f7d32625756bcd9b437a1bff5206be3fc94724035cc0277b261ebadf71f3  69     2020-07-30 20:20:24  6
2e2e7d7895fd0151ba08532a3d199a634ae0cf56048c5cf67ffe1973e44170d7  72     2020-07-28 21:51:10  4
d36ccafa78710aea18adf74204f349129ad397e5efb6c54a3941e56212c2a11a  73     2020-07-28 21:48:23  5
af01d52771415044d2a8e8a7cc38afca073ba61f87376b865dd26aac4c06f80e  72     2020-07-26 21:56:55  4
f501fa4eb7b4cc9796a296d075d7f61cd2e22629ae062cd45310013c898585c3  72     2020-07-25 19:52:55  4
eb1553a4f1a538dfe4549016098002ea935b3df4f8000191106d5f8360e91bdb  71     2020-07-24 01:49:55  5
6b555b79fcb025063be8e7de200c272acb1982582df475041dea3ae0aca73db1  71     2020-07-23 12:32:34  7
633bcfaddf6df08de8535011168b06c8aa2e924c3a42e764c5d244baeeb8f290  71     2020-07-23 03:30:12  7
8eb1234fed0004ea26a8c71b10490a82bcf63cc372225ed22ee8cdacdb6d82f3  71     2020-07-21 21:05:09  8
fe7086151f542d9f369513fa21f29f9dd2ab703adc6848703659b4d1ed15bbc8  71     2020-07-21 20:40:07  6
9ee5ceee58218a22e2d8c7aba70b4c2906e6cc6a3fd49980eb26dd51828ab0b9  66     2020-07-21 00:48:39  3
b52a1848774f4be403835d811fc99f28f856659d2837a751a682a9559521fb60  71     2020-07-21 00:47:34  4
a453b25c1bf6ac3a738b588d327eba9b1e53fa171be3cdaa3c3b600f2499072a  71     2020-07-20 14:47:18  34
795fe87011b02474c34dfc381d5927363a1a18f0c932ff1cb0b09060e52d7a45  73     2020-07-20 10:34:56  7
3bcb717b2420a765e6a1e86a6580ab12c321279cc68e1f2d1869c1125c3abb2b  71     2020-07-19 13:20:24  12
513ada4670e5d8d39d2703a36870510c635e9b07c0aad049c0ec46bab06fbd08  73     2020-07-19 11:02:35  18
8eeeb3aa684deb92fa85130d19fa24cdd04a47b65ccef32c25ed185c922e7ab1  73     2020-07-19 04:39:11  4
0513dd9372d4d46c26e50cb81f4bf2d12dbfb0743f61e8f112218c1988a6eea1  72     2020-07-19 04:35:19  4
98be8d121b71e92f035e4d790c63b07c894996e797c7d81ed236578520741af8  72     2020-07-18 15:45:43  5
e982c9ea57ed4489cf07836611801d9062352271c5942b26637eae48db20b934  72     2020-07-18 15:31:13  5
f0d6f999285c64909af9cda183be82f70ed39f4e82e8c7564958bd2236cdc529  72     2020-07-18 15:29:00  5
63e62fd8c5a18c1c49a32a8512485c387fb690127f2a9b118f83746fbbdb59f8  72     2020-07-18 15:22:43  5
711159a429a05cb315ac099aa173e5176912e22a2fb9eb3bb41ba56bebad5983  71     2020-07-18 06:20:10  4
9fb8f4935294411c71e6b4cb9b6417c0bbdc1d3f8dce97e0f98b4155679b0e99  72     2020-07-18 06:19:32  4
856145d179450b3a7ce9a193069b7247665a4a2d900bb6379fe7a4fd832e6a75  49     2020-07-17 20:28:42  3
9b3ac21c326f7dfd5ac982cda19ce4f9bef12d2217a9d5134c8f587705023455  73     2020-07-17 14:17:02  29
424a346d90cebb44cd2104f36a5e837716b8639931a03884eab1f8720b5740cf  73     2020-07-17 14:17:02  31
6ae14553e55207cfbecce2e40258d9ebdcc16852f5fdadaafc47849b8469ca5f  73     2020-07-17 10:33:59  41
ba53e359d985b2f4a5232adf4c3958a5722d148dbb3277a3879f7b5d3010b70e  73     2020-07-17 09:14:23  20
9ea6bfb50253861a76364d6dc4992cead09567bfbb5d58d86dddef59b791589c  73     2020-07-17 09:06:03  30
097872dfb8d74cc8a07129750620aaebc86f82d443fd72abfcaac0d7d8d7ece1  72     2020-07-17 07:11:46  36
457f5095b0a151df5e54f44e83521f21ad889a1a7efacb69c7cc2decd739f156  71     2020-07-17 06:06:15  37
c448e48ee129e0c473b33eeb4c487df5af49d1ab19216ac642ac496d9fbe032e  72     2020-07-16 21:48:41  4
e47f2bb5c124481a8cfb28a5d1f7ec69571fe5bf92803a6293746cc0f694951f  71     2020-07-16 20:29:21  2
3cbaee944e2f78199b2320a8ece39aaa39ee2ef0d1813802567e37ac1cefae97  72     2020-07-16 20:27:53  2

Rule Matches per Month (last 24 months)