rule money_ransomware {
    // Flags PE files carrying either of two opcode sequences attributed to
    // Money Ransomware. Wildcards (??) stand in for bytes that change between
    // builds (immediate operands, call targets, displacements).
    meta:
        author = "Yoroi Malware ZLab"
        description = "Rule for Money Ransomware"
        last_updated = "2023-03-28"
        tlp = "WHITE"
        category = "informational"

    strings:
        // Fragment A: appears to decode as two push-imm32, a zeroed stack local
        // (mov [ebp-0x18], 0), two indirect calls with the first result pushed as
        // argument, then a test/jz on the second result. Ends on a ret (C3).
        $frag_a = { 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? C7 45 E8 00 00 00 00 FF 15 ?? ?? ?? ?? 50 FF 15 ?? ?? ?? ?? 8B F0 85 F6 0F 84 ?? ?? ?? ?? EB ?? 8B 4D E0 8B 01 FF 50 04 89 45 E4 8D 45 E4 50 83 EC 08 8B C4 C7 00 ?? ?? ?? ?? C7 40 04 3E 00 00 00 E8 ?? ?? ?? ?? 83 C4 0C B8 ?? ?? ?? ?? C3 }

        // Fragment B: appears to copy three dwords from [esi] into
        // [edi+0x30..0x38] and then zero the source slots; looks like a
        // move-style object transfer, but treat that reading as a hint only.
        $frag_b = { 8D 47 30 3B C6 74 ?? 8B C8 E8 ?? ?? ?? ?? 8B 0E 89 4F 30 8B 46 04 89 47 34 8B 46 08 89 47 38 C7 06 00 00 00 00 C7 46 04 00 00 00 00 C7 46 08 00 00 00 00 8D ?? 14 FF FF FF E8 ?? ?? ?? ?? }

    condition:
        // Gate on the DOS header magic ("MZ", little-endian 0x5A4D) so only
        // PE-shaped input is scanned for the fragments; any one fragment is
        // enough to match. Note: no filesize cap is applied, so very large
        // files are scanned in full -- add one if scan cost matters.
        uint16(0) == 0x5A4D and any of them
}
Type Yara Rule
Details Website 2023-04-13 34 Money Ransomware: The Latest Double Extortion Group - Yoroi