Common Information
Value:

```yara
rule resolve_keys {
    meta:
        author = "Elastic Security"
        description = "EMOTET - find the key decoding algorithm in the PE"
        creation_date = "2022-08-02"
        last_modified = "2022-08-11"
        os = "Windows"
        family = "EMOTET"
        threat_name = "Windows.Trojan.EMOTET"
        reference_sample = "debad0131060d5dd9c4642bd6aed186c4a57b46b0f4c69f1af16b1ff9c0a77b1"
    strings:
        $chunk_1 = { 45 33 C9 4C 8B D0 48 85 C0 74 ?? 48 8D ?? ?? 4C 8B ?? 48 8B ?? 48 2B ?? 48 83 ?? ?? 48 C1 ?? ?? 48 3B ?? 49 0F 47 ?? 48 85 ?? 74 ?? 48 2B D8 42 8B 04 03 }
    condition:
        any of them
}
```

Type | Value |
---|---|
Category | |
Type | Yara Rule |
Misp Type | |
Description | |