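# Nuclei file template: flags files whose contents carry the DarkRAT string
# set taken from the referenced YARA rule (RAT_Ratdecoders.yar).
# The template was collapsed onto a single line, which does not parse as a
# nested mapping; the block structure is restored here with the same values.
id: darkrat-malware

info:
  name: DarkRAT Malware - Detect
  author: daffainfo
  # Informational only: a match is a string-level indicator, not a verdict.
  # Confirm a hit by other means (hash lookup, sandbox run) before acting.
  severity: info
  reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar
  tags: malware,file

file:
  # "all" applies the matcher to files of any extension rather than a
  # fixed list.
  - extensions:
      - all

    matchers:
      # Substring match against the raw file content. Samples that are
      # packed, obfuscated, or store these strings in another encoding will
      # not match, so no match does not mean the file is clean.
      - type: word
        part: raw
        words:
          # Only the first entry looks specific to this family. The others
          # are Windows API names and .NET/VB runtime member names that
          # also occur in benign software.
          - "@1906dark1996coder@"
          - "SHEmptyRecycleBinA"
          - "mciSendStringA"
          - "add_Shutdown"
          - "get_SaveMySettingsOnExit"
          - "get_SpecialDirectories"
          - "Client.My"
        # All seven words must be present in the same file. Relaxing this
        # to "or" would match ordinary programs on the generic entries.
        condition: and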