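# File-protocol template: reports any scanned file whose SHA-256 equals one of
# five known AppleJeus DLL sample hashes.
#
# Scope and limits for whoever runs or maintains this:
#   - Matching is exact-hash only. A sample that differs by a single byte
#     (repacked, re-signed, patched) will not match; treat a clean run as
#     "these five files are absent", not as "no AppleJeus present". The YARA
#     rules at the reference URL are the content-based complement.
#   - The hashes are presumably taken from the referenced Volexity ruleset;
#     verify against that source before adding or changing entries.
#   - Severity is `info`, so a run that filters out info-level results will
#     hide hits. A hit still means a known-malicious sample is on disk.
id: applejeus-malware-hash

info:
  name: AppleJeus Malware Hash - Detect
  author: pussycat0x
  severity: info
  description: Detects AppleJeus DLL samples
  reference:
    - https://github.com/volexity/threat-intel/blob/main/2022/2022-12-01%20Buyer%20Beware%20-%20Fake%20Cryptocurrency%20Applications%20Serving%20as%20Front%20for%20AppleJeus%20Malware/yara.yar
  tags: malware,lazarus

file:
  # `all` hashes every file regardless of extension, so a renamed DLL is
  # still checked.
  - extensions:
      - all

    matchers:
      # One DSL expression per known sample; `condition: or` makes any single
      # equality enough to report the file.
      # NOTE(review): confirm the engine hands the complete file to the matcher
      # as `raw`; a digest over a partial read would never equal these values.
      - type: dsl
        dsl:
          - "sha256(raw) == '82e67114d632795edf29ce1d50a4c1c444846d9e16cd121ce26e63c8dc4a1629'"
          - "sha256(raw) == '9352625b3e6a3c998e328e11ad43efb5602fe669aed9c9388af5f55fadfedc78'"
          - "sha256(raw) == 'a0db8f8f13a27df1eacbc01505f311f6b14cf9b84fbc7e84cb764a13f001dbbb'"
          - "sha256(raw) == 'a241b6611afba8bb1de69044115483adb74f66ab4a80f7423e13c652422cb379'"
          - "sha256(raw) == '17e6189c19dedea678969e042c64de2a51dd9fba69ff521571d63fd92e48601b'"
        condition: or
# The digest below is the signature issued for the template text as published.
# Any edit to this file (comments included) is expected to invalidate it, so
# re-sign after changes rather than carrying the old value forward.
# digest: 4b0a00483046022100b9ffe0405c3e1b2f5a78f7d35de9fcebe05f08f84e56688356b9784e8d8eebc7022100b90a82c2f36e07835c7e7d7e198ce96fb361be2e9eed76e3cae80063fcc89a9d:922c64590222798bb761d5b6d8e72950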