Commit 96bd24c5 by Marc Rivero López Committed by GitHub

Update MALW_Derkziel.yar

parent 698a04dc
...@@ -2,8 +2,10 @@ ...@@ -2,8 +2,10 @@
This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license. This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
*/ */
rule Derkziel : pe
rule Derkziel
{ {
meta: meta:
description = "Derkziel info stealer (Steam, Opera, Yandex, ...)" description = "Derkziel info stealer (Steam, Opera, Yandex, ...)"
author = "The Malware Hunter" author = "The Malware Hunter"
...@@ -12,12 +14,14 @@ rule Derkziel : pe ...@@ -12,12 +14,14 @@ rule Derkziel : pe
md5 = "f5956953b7a4acab2e6fa478c0015972" md5 = "f5956953b7a4acab2e6fa478c0015972"
site = "https://zoo.mlw.re/samples/f5956953b7a4acab2e6fa478c0015972" site = "https://zoo.mlw.re/samples/f5956953b7a4acab2e6fa478c0015972"
reference = "https://bhf.su/threads/137898/" reference = "https://bhf.su/threads/137898/"
strings: strings:
$drz = "{!}DRZ{!}" $drz = "{!}DRZ{!}"
$ua = "User-Agent: Uploador" $ua = "User-Agent: Uploador"
$steam = "SteamAppData.vdf" $steam = "SteamAppData.vdf"
$login = "loginusers.vdf" $login = "loginusers.vdf"
$config = "config.vdf" $config = "config.vdf"
condition: condition:
all of them all of them
} }
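Review bot: The condition is a bare `all of them`, so nothing in the rule checks that the scanned object is a PE file; the `: pe` tag on the rule line is only a label for selecting rules, and this rendering does not show which side of the change keeps it. If the rule is meant for on-disk samples, I would anchor it with `uint16(0) == 0x5A4D and all of them`, noting that this guard would stop matches on process-memory scans. `$steam`, `$login` and `$config` are ordinary Steam file names and are declared without modifiers, so they match ASCII only; if the sample may hold them as UTF-16 (not visible here), declare them as e.g. `$login = "loginusers.vdf" ascii wide`. A short comment above `strings:` saying that `$drz` and `$ua` are the family-specific markers would also help the next maintainer judge false positives.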