id: avburner-malware-hash

info:
  name: AVBurner Malware Hash - Detect
  author: pussycat0x
  severity: info
  description: Detects AVBurner based on a combination of API calls used, hard-coded strings, and bytecode patterns
  reference:
    - https://github.com/volexity/threat-intel/blob/main/2023/2023-03-07%20AVBurner/yara.yar
  tags: malware,snakecharmer

file:
  - extensions:
      - all

    matchers:
      - type: dsl
        dsl:
          - "sha256(raw) == '4b1b1a1293ccd2c0fd51075de9376ebb55ab64972da785153fcb0a4eb523a5eb'"
# digest: 4a0a00473045022100f8477adf4215907bc55dbf7776c940c9881f598394af92e08e20ee0fe90c223a022068b7ba7a4620b470215521a7504c1d8c9b10ea010a003de19217c37f3a23f7f2:922c64590222798bb761d5b6d8e72950