Detection of Renamed WinRAR

Rule Info

Name
Detection of Renamed WinRAR
Author
MalGamy
Description
Detects instances of WinRAR that have been renamed to fsutil.exe, indicating potential malicious packing of files.
Reference
https://attack.mitre.org/techniques/T1036/005
Date
2024-09-30 00:00:00
Modified
None
Id
0cd7c3f3-3053-43df-ab0c-f7e472d3231b
Tags
attack.execution attack.t1036.005
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022