From 83ab5ed2ed94489d5f4ec775b6bda3460c6ccfbd Mon Sep 17 00:00:00 2001
From: Unknown <reversingminds@mail.com>
Date: Wed, 20 Sep 2017 11:24:33 +0200
Subject: [PATCH] Added Dridex V4 Yara Rule

---
 malware/MALW_Dridex_v4.yar | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 malware/MALW_Dridex_v4.yar

diff --git a/malware/MALW_Dridex_v4.yar b/malware/MALW_Dridex_v4.yar
new file mode 100644
index 0000000..f649ed2
--- /dev/null
+++ b/malware/MALW_Dridex_v4.yar
@@ -0,0 +1,30 @@
+
+rule Dridex : banker
+{
+    meta:
+      author = "51ddh4r7h4 <@51ddh4r7h4> & D00RT <@D00RT_RM>"
+      date = "2017/08/01"
+	  
+      description = "Dridex V4"
+      reference/source = "http://reversingminds-blog.logdown.com"
+	  
+      sample = "c19a33ec0125d579c4ab695363df49f7"
+      in_the_wild = true
+
+    strings:
+        $a = {48 83 EC 18 B8 41 45 38 09 C7 44 24 10 E1 28 71 01 8B 54 24 10 29 D0 89 44 24 0C 81 7C 24 0C 57 E4 75 2A 89 4C 24
+              08 89 54 24 04 75 00 8B 44 24 08 89 04 24 8B 0C 24 65 67 48 8B 11 44 8B 44 24 04 41 81 C0 B4 AE 33 78 44 89 44 24
+              14 48 89 D0 48 83 C4 18 C3 66 66 2E 0F 1F 84 00 00 00 00 00 48 83 EC 38 48 C7 44 24 30 70 D1 E6 75 48 8B 44 24 30
+              48 35 21 50 E2 06 48 3D 48 39 05 15 72 0F B9 30 00 00 00 48 83 C4 38 48 E9 71 FF FF FF B9 76 A0 92 6C E8 67 FF FF
+              FF 31 C9 89 CA 48 89 44 24 28 48 89 D0 48 83 C4 38 C3 66 0F 1F 44 00 00 48 83 EC 38 C7 44 24 34 85 1B 96 21 8B 44
+              24 34 89 44 24 2C E8 97 FF FF FF 8B 4C 24 2C 81 E1 E0 CA 13 57 89 4C 24 30 8B 4C 24 2C 81 F9 7A 6B 6F 57 48 89 44
+              24 20 75 00 8B 44 24 2C 35 55 36 B4 45 89 44 24 30 48 8B 4C 24 20 48 8B 41 60 48 83 C4 38 C3 66 66 66 66 2E 0F 1F
+              84 00 00 00 00 00 48 83 EC 40 44 88 C8 41 B9 DC 96 50 30 45 89 CA 48 C7 44 24 28 5A 5B 6C 45 44 8B 4C 24 3C 41 81
+              C1 AC 6F 55 46 44 89 4C 24 3C 4C 8B 5C 24 28 48 89 4C 24 10 4C 89 D9 49 D3 E2 4C 89 54 24 20 49 81 FB D2 F4 A4 6B
+              48 89 54 24 08 88 44 24 07 44 89 04 24 77 33 B8 3B 48 13 64 C7 44 24 18 6E 8B 6E 1D 8B 0C 24 89 CA 41 89 D0 4C 89
+              44 24 30 4C 8B 44 24 30 4C 8B 4C 24 08 47 8A 14 01 44 88 54 24 1F 3B 44 24 18 75 00 48 8B 44 24 30 8A 4C 24 1F 8A
+              54 24 07 28 D1 4C 8B 44 24 10 41 88 0C 00 48 83 C4 40 C3 66 66 2E 0F 1F 84}
+
+    condition:
+        $a 
+}
\ No newline at end of file
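Review bot: The meta key `reference/source` on the line after `description` is not a valid YARA identifier (meta names must match `[A-Za-z_][A-Za-z0-9_]*`), so the `/` is parsed as a division operator and the rule fails to compile; rename it to `reference = "http://reversingminds-blog.logdown.com"` (or `source = ...`). Separately, the condition is the bare `$a`, so every scanned file is searched for the full ~400-byte sequence; since the bytes appear to be x86-64 code from a Windows executable (`48 83 EC 18` is `sub rsp, 0x18`), gating with `uint16(0) == 0x5A4D and $a` cheaply limits the search to PE images — confirm the sample is a PE before adding it. The hex string has no wildcards or jumps, so any recompilation or relocation change in the payload breaks the match; a short note in `description` that the pattern was lifted verbatim from sample `c19a33ec0125d579c4ab695363df49f7` would tell maintainers why it is this specific. The two tab-indented whitespace-only lines inside `meta:` are harmless but should be dropped.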
--
libgit2 0.26.0