Create derkziel_stealer

1a08b908 · Marc Rivero López · ca34ae65 · 1a08b908
Commit 1a08b908 authored Jan 13, 2016 by Marc Rivero López
Show whitespace changes
Inline Side-by-side

Showing with 20 additions and 0 deletions

derkziel_stealer derkziel_stealer +20 -0

No files found.
--- a/derkziel_stealer
+++ b/derkziel_stealer
+rule Derkziel
+{
+    meta:
+        description = "Derkziel info stealer (Steam, Opera, Yandex, ...)"
+        author = "The Malware Hunter"
+        yaraexchange = "No distribution without author's consent"
+        filetype = "pe"
+        date = "2015-11"
+        md5 = "f5956953b7a4acab2e6fa478c0015972"
+        site = "https://zoo.mlw.re/samples/f5956953b7a4acab2e6fa478c0015972"
+        reference = "https://bhf.su/threads/137898/"
+    strings:
+        $drz = "{!}DRZ{!}"
+        $ua = "User-Agent: Uploador"
+        $steam = "SteamAppData.vdf"
+        $login = "loginusers.vdf"
+        $config = "config.vdf"
+    condition:
+        all of them
+}