SUSP_Python_Base64_Encoded_Sep21

Rule Info

Description: Detects base64 encoded python scripts
Reference: Internal Research
Tags: ['SCRIPT', 'SUSP', 'T1132']
Date: 2021-09-28
Required Modules: []
Rule Hash: 6029e331b1dbca9d6ca9adc81aa787ab
Score: 60
Av Ratio: 18.91
Name: SUSP_Python_Base64_Encoded_Sep21
Author: Max Altgelt, Tobias Michalski
Minimum Yara: 1.7

Antivirus Verdicts

| Rating | Number of Samples |
| --- | --- |
| Malicious (>= 10 engines) | 28 |
| Suspicious (< 10 engines) | 8 |
| Clean (0 engines) | 31 |

Rule Matches


Rule Matches per Month (last 24 months)