SUSP_Script_PS1_Deflate_Base64Decode_Jun20_1

Rule Info

Rule Hash: 249c2979c3ae47f300044a3cdfa978b6
Score: 70
Tags: SUSP, T1136, T1086, T1132
Name: SUSP_Script_PS1_Deflate_Base64Decode_Jun20_1
Date: 2020-06-05
Required Modules: (none)
Author: Florian Roth
Description: Detects suspicious script that deflates and decodes an unknown payload
Minimum Yara: 1.7
Av Ratio: 7.29

Antivirus Verdicts

Rating                      Number of Samples
Malicious (>= 10 engines)   3
Suspicious (< 10 engines)   37
Clean (0 engines)           5

Rule Matches

Hash                                                              Total  Timestamp            Positives
e05df05fb95ca9115f3eaa1ad99f72d95e215ec2e9ede4d0d37d6df29a5c1a00  58     2020-08-03 14:29:49  2
5e9632cb1c76cbafc070a49fb16902cbc46e00950d3eaf6afb02197b3f328090  59     2020-07-30 00:13:34  13
1c1e9d0cf5cd312c4b96bba7dd496588c69cd86d918daa5f77740c58850d9b1d  56     2020-07-28 16:47:35  4
081d6885febae11bebfc44fdb5f4ce4368dbb7d3de8ed796f43e3cb07ee56617  59     2020-07-27 21:04:35  5
c8aa815500ca1de2cb3ac4fa2d8f93a08c294a21e209cf05bc7c0c3679585dc1  59     2020-07-26 14:43:31  1
bbcec6e5e5cc6b5f5466659b3c28cd0c0ccbe9059b393ca828500acc60be7594  59     2020-07-26 09:30:57  5
942e990daf4d01fe8512aa76166e71830b63f9a34198d1dfb2ad737536908524  59     2020-07-22 11:05:22  2
8de68c443917590bbc47cec72a08e5fdc197d7c5490422fde17112a45a10b907  59     2020-07-21 14:45:24  18
9bfdf42a2807752bb0bc36647bfe520ec49896560f69b00586d6d952af707b7d  58     2020-07-21 10:04:19  4
3b0245367d3daefbc5f607e5195582d185c0748723801ae4c6a06d1b3207220a  59     2020-07-21 01:04:54  5
98ab1c15bc69424f9fb893be3b1722b8b50e73bcbb70439ed0fd19f0959cf72a  60     2020-07-21 00:26:51  5
255194778fa63f7211526c74b151f93847fa02160d1293277011b090482b0203  58     2020-07-20 13:25:07  2
2b2b1bb927536ab4239587067974f3ced9b8b4e861aab23013de10f71edcceb8  59     2020-07-16 14:30:11  2
d89a430737edde104c0db57379c6a9aade6f2858297375078fd0f6c81d6eb0f7  59     2020-07-16 14:26:33  3
7a2741f1c925c3de18caf36213b01b885f78febdcc52cd61ff152ef2ec70612e  59     2020-07-16 14:25:20  4
a12cef4a5e60e495c2c8ec6ebd8d321f92faa51d3addf28101996da604a63ecb  59     2020-07-16 04:58:30  5
511bdd8d6805e9e1e626b00aa1ee8886d7eb588838aa66a93a1da26b32fd2cb7  60     2020-07-14 01:05:46  5
414c92e6bef44d471f562f3c31b20ded9bf4841736636f3635921b0a07ef7e97  58     2020-07-13 21:04:20  5
459ac3dbf4a891b65cd0193e6e89820d5af96a41daa75a5c1f97631606a532d3  59     2020-07-13 02:55:57  5
9ae7a7f7e422c93db84e64e518ca70bf82df6c467047782dcf6b2c877fc27fcc  57     2020-07-13 02:52:00  5
75e154f0a71add62a19bd3ad361b71b34a1e1a00e3aac5bedced2dd777ce480b  59     2020-07-11 02:11:51  5
7e69338e6b71e68065d9e94bcf6daa187705a41fa9ef7fdcaf3f681855cb6997  59     2020-07-10 21:45:57  5
e8184049dfc75d63b5cc5abf1d19dd60c5b19fad8aa2657bf0f61df39cde9efc  59     2020-07-06 15:53:15  4
67459e48c22014774a7d340f2535215f12cd4bedb32cd5d13735985e42511e3a  57     2020-07-06 10:07:29  5
d87018989e207f01a585be394929485a724e65fc6f42209d8056087aa66665cd  58     2020-07-04 20:57:14  0
1409abd0da06630369a2ff12a0f9d931632eae6e4ea54c9e061ae75f70bd69cd  59     2020-07-03 16:11:33  5
56248df264f65df89227d5da9c45c4d1ae6128b798a2950b8a448638e29de58c  51     2020-07-02 20:52:08  1
3a411603005fcfdcfc9a4e7d1d3c6c2e14e90584468a99da2908e1fc1c54b992  59     2020-07-02 06:19:39  5
1a1ce122782eba0b0b761a5330466ccd52667a19f5041e5c5c14fc3445fa8537  59     2020-06-29 23:50:45  1
64b297a69b8ec8407cacd80d73926050e0fbf4443e985cc0dde7235d0a77c8f5  58     2020-06-29 23:46:43  5
afed8844df710e504b293b82e46aca5e336587584c4cf0f5e054a36fdb29c842  59     2020-06-29 17:53:33  3
aa1361a7a026f9c2bf14aae6b26ebe43dd6881388f46a69923ada69cbbcea9b8  55     2020-06-29 15:24:05  1
1b9397c128ebe18755a63a24b8da72777a34bd455a70797afff67d5c7e607079  59     2020-06-28 15:23:45  5
c17b9bf7a2190f29472fb631cc6d3e1f4af62f140742273c9019c0fa385370c0  59     2020-06-26 16:19:58  5
70fe2b1649aea203ba6268bf4d92326a5ad07d14539f87851249acf7ae7c0152  59     2020-06-25 23:26:28  0
45ab7521d0eaf499eb438c6e151d5afd71a345167f102c9ebabcb5465f5f3ee0  53     2020-06-22 07:43:21  0
35cf23b72f8bc3a94897eba74406b1e4c521f028fee7be6ef6510f7bd7fd61f5  59     2020-06-21 16:26:17  5
02f430d794b4db74ac72788513f7898831f0ffa1611815815cc77124bdec3831  61     2020-06-21 15:57:47  3
95d613fecdda59e5f40abda7d4f264a5f64f587bd96bdc7c0f14fc153c58f02e  61     2020-06-21 03:12:48  5
c9a1c334fbae90b88d6c89a97af20cb9e76f4c64c1a5a025e940c4fa3d6785fc  60     2020-06-17 14:15:17  0
86a2c7e9fa03d4a6c92ae3f3126ffc0c0d368035d3bce9f74e768dac0b5d363f  60     2020-06-17 05:34:44  4
dca0642e2ccc7c248f6d617a02b31945ecb9003fac0462b9cce356bc34c48768  60     2020-06-16 20:26:01  0
2a8b57903ffb138be2ba7e0574e0ab76a1ad3e8cbc05516fd0c4783590049524  45     2020-06-16 05:00:55  12
508d528344c7d00f08ad309e8020b111a8f6ce811a6d12df3a05e57fdda9aa41  58     2020-06-09 10:58:12  5
43ae815437a60ccb2eb4b02ad5fb0738094e3be410135154a362d8745a4e9d70  58     2020-06-08 08:24:10  5

Rule Matches per Month (last 24 months)