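---
# Nuclei file-protocol template: flags files that carry the byte patterns and
# the Go build ID string associated with the Snake malware family. The patterns
# look like they were taken from the YARA rule linked under `reference`
# (RANSOM_Snake.yar) — compare against it before changing any of them.
id: snake-malware

info:
  name: Snake Malware - Detect
  author: daffainfo
  severity: info
  reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Snake.yar
  tags: malware,file

file:
  # `all`: every file is scanned regardless of extension, so the matchers
  # below are the only filter applied.
  - extensions:
      - all

    # `and`: a file is reported only when the word matcher AND the binary
    # matcher both hit.
    matchers-condition: and
    matchers:
      # Literal Go build ID string searched in the raw file content. A build ID
      # identifies one compiled build, so this keeps false positives low but
      # may not cover other builds of the same family — check the referenced
      # rule if coverage is a concern.
      - type: word
        part: raw
        words:
          - "Go build ID: \"X6lNEpDhc_qgQl56x4du/fgVJOqLlPCCIekQhFnHL/rkxe6tXCg56Ez88otHrz/Y-lXW-OhiIbzg3-ioGRz\""

      # Hex-encoded byte sequences searched in the file; `condition: and`
      # requires both sequences to be present for this matcher to hit.
      - type: binary
        binary:
          - "89C8BB00CA9A3B89D1F7E381E1FFFFFF3F89C301C889C60500001A3D89042469ED00CA9A3B01EA89CDC1F91F01EB11CA81C600001A3D81D2EB03B2A189542404E81062F6FF"
          - "648B0D140000008B89000000003B61080F863801000083EC3CE8321AF3FF8D7C242889E6E825EAF0FF8B44242C8B4C242889C2C1E81FC1E01F85C00F84FC000000D1E289CBC1E91F09D189DAD1E3C1EB1F89CDD1E109D989CB81C1807FB1D7C1ED1F81C3807FB1D783D50D89C8BB00CA9A3B89D1F7E381E1FFFFFF3F89C301C889C60500001A3D89042469ED00CA9A3B01EA89CDC1F91F01EB11CA81C600001A3D81D2EB03B2A189542404E81062F6FF31C0EB79894424208B4C24408D14C18B1A895C24248B52048954241CC7042405000000E848FEFFFF8B4424088B4C2404C70424000000008B542424895424048B5C241C895C2408894C240C89442410E8ECDDEFFF8B4424188B4C2414894C24088944240C8B4424248904248B44241C89442404E868BBF3FF8B44242040"
        condition: and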