# Nuclei file-protocol template: flags files whose raw content contains the
# full set of strings associated with the DarkRAT remote-access trojan.
# A hit is a static indicator for triage, not a verdict; confirm it by other
# means (hashes, sandbox behaviour, the referenced YARA rule) before acting.
id: darkrat-malware

info:
  name: DarkRAT Malware - Detect
  author: daffainfo
  # "info" severity: the template reports presence of the strings only.
  severity: info
  # Upstream YARA rule set; the word list below presumably mirrors its
  # DarkRAT rule - verify against the reference when updating.
  reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar
  tags: malware,file

file:
  # "all" removes the extension filter, so every file under the scanned path
  # is inspected. Renamed or extension-less samples are therefore covered,
  # at the cost of scan time on large trees.
  - extensions:
      - all

    matchers:
      # Plain substring match on the file's raw bytes. Word matchers are
      # case-sensitive unless case-insensitive is set, and these are
      # single-byte literals: a copy of a string stored only as UTF-16
      # would not match.
      - type: word
        part: raw
        words:
          # Only the first string is distinctive. The rest are Windows API
          # import names and VB.NET "My" namespace accessors that also occur
          # in benign software.
          - "@1906dark1996coder@"
          - "SHEmptyRecycleBinA"
          - "mciSendStringA"
          - "add_Shutdown"
          - "get_SaveMySettingsOnExit"
          - "get_SpecialDirectories"
          - "Client.My"
        # All seven strings must be present in the same file. This keeps the
        # generic strings from firing alone, but a packed or obfuscated
        # sample that hides any one of them will be missed.
        condition: and
# NOTE(review): the digest below is the template signature. Any edit to this
# file, comments included, is expected to invalidate it - re-sign before
# distributing, and treat a digest mismatch as a sign of modification.
# digest: 4b0a00483046022100b1285934cddc122f08b2b6076c401a94b5fada0579234b74bc87843121e15968022100b9ac1f7a35c4b00c9cdf22c8eb46cc6b2612b90f2cf9ff89e93589db08e7139c:922c64590222798bb761d5b6d8e72950