qwqdanchun
/
DefenderYara
mirror of https://github.com/qwqdanchun/DefenderYara.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DefenderYara/TrojanDownloader/O97M/NetWire/TrojanDownloader_O97M_Netwi...

13 lines
613 B
Plaintext
Raw Blame History

rule TrojanDownloader_O97M_Netwire_YB_MTB{
meta:
description = "TrojanDownloader:O97M/Netwire.YB!MTB,SIGNATURE_TYPE_MACROHSTR_EXT,03 00 03 00 03 00 00 01 00 "
strings :
$a_01_0 = {4f 75 74 46 69 6c 65 20 28 27 74 65 73 74 35 27 2b 27 2e 65 78 65 27 29 3b 20 26 28 27 2e 2f 74 65 73 74 35 27 2b 27 2e 65 27 2b 27 78 27 2b 27 65 27 29 42 } //01 00
$a_01_1 = {70 6f 77 65 72 73 68 65 6c 6c 2e 65 78 65 20 2d 77 20 68 20 49 60 77 52 } //01 00
$a_01_2 = {28 27 68 74 27 2b 27 74 70 73 3a 2f 2f 74 69 6e 79 75 72 6c 2e 63 6f 6d 2f 79 79 63 6c 76 75 6a 75 27 29 } //00 00
condition:
any of ($a_*)
}
Reference in New Issue View Git Blame Copy Permalink