# Nuclei file-protocol template that flags files containing byte strings
# attributed to the Satana malware. It matches static strings only, so a
# packed or modified sample that hides these strings will not be reported.
id: satana-malware

info:
  name: Satana Malware - Detect
  author: daffainfo
  severity: info
  # NOTE(review): the template is named Satana, but this URL points at the
  # CRYPTXXX rule file in Yara-Rules; confirm it is the intended source.
  reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_.CRYPTXXX.yar
  tags: malware,file

file:
  # "all" applies the matchers to files of every extension.
  - extensions:
      - all

    # Both matcher groups below must hit before a match is reported.
    matchers-condition: and
    matchers:
      # Group 1: every one of these hex-encoded byte strings must be present.
      - type: binary
        binary:
          # UTF-16LE "!satana!.txt" followed by one 0x00 byte
          - "210073006100740061006E00610021002E0074007800740000"
          # ASCII "EnumLocalRes"
          - "456E756D4C6F63616C526573"
          # ASCII "WNetOpenEnumW" with its NUL terminator
          - "574E65744F70656E456E756D5700"
          # ASCII "!SATANA!"
          - "21534154414E4121"
        condition: and

      # Group 2: at least one of these ASCII strings must be present.
      - type: binary
        binary:
          # ASCII "tgwyugwq"
          - "7467777975677771"
          # ASCII "Swvwngu"
          - "537776776E6775"
        condition: or
# NOTE(review): the digest below was presumably computed over the upstream
# template text; re-sign with the project's signing tooling after any edit
# (comments included) and confirm it still verifies.
# digest: 4a0a00473045022100e0d617ca6bbe36bf2a8bd9c875e1fbf40332d5e385abe1e70cfa19ccbc96056f02203da10e9fd106a91ded24ea8f1a8fa96970b8ea2a902ee57372afa80d486d303a:922c64590222798bb761d5b6d8e72950