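id: satana-malware

# File-scan template that flags files containing byte patterns associated
# with Satana ransomware. The block structure was restored from a single
# collapsed line; every key and value is unchanged.
info:
  name: Satana Malware - Detect
  author: daffainfo
  # Severity is "info": scans filtered to higher severities will not run this
  # template, so include it explicitly when hunting for this family.
  severity: info
  # NOTE(review): the linked rule file is named for CryptXXX, not Satana.
  # Confirm it is the YARA rule these signatures were taken from.
  reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_.CRYPTXXX.yar
  tags: malware,file

file:
  - extensions:
      - all

    # Both matcher groups must hit before a file is reported.
    matchers-condition: and
    matchers:
      # Group 1: all four patterns must be present in the file.
      - type: binary
        binary:
          # UTF-16LE "!satana!.txt" followed by one 0x00 byte.
          - "210073006100740061006E00610021002E0074007800740000"
          # ASCII "EnumLocalRes" (presumably an internal symbol; not confirmed).
          - "456E756D4C6F63616C526573"
          # ASCII "WNetOpenEnumW" plus NUL. This Windows network-enumeration
          # API name also appears in benign software, so it is weak alone.
          - "574E65744F70656E456E756D5700"
          # ASCII "!SATANA!".
          - "21534154414E4121"
        condition: and

      # Group 2: either pattern is enough. Both are short ASCII strings whose
      # meaning is not evident from this file, so they are only specific in
      # combination with group 1.
      - type: binary
        binary:
          # ASCII "tgwyugwq".
          - "7467777975677771"
          # ASCII "Swvwngu".
          - "537776776E6775"
        condition: or

# Detection caveat: these are plain static byte matches. A hit is a strong
# lead, not a verdict; triage it with hash and behavioural checks. Packed or
# re-encoded samples that do not carry these bytes on disk will not match.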