Common Information
Type | Value |
---|---|
Value |
// Signature for the sample identified by the MD5 in `meta`. Judging only by the
// rule name and the $s_* identifiers, it targets a 64-bit Go-built HTTP
// "stresser" (flooding) bot. The page carries no description, so confirm
// against the reference sample.
// A file matches when it is under 10MB, contains at least 5 of the $x64_* code
// patterns and at least 3 of the $s_* symbol-like strings.
rule go_stresser_20_x64 {
    meta:
        author = "B42 Labs"
        date = "2023-04-13"
        // Reference sample; only an MD5 is given (same value as yarahub_reference_md5).
        hash_md5 = "c344f584881e90d426235553fedacff3"
        tlp = "CLEAR"
        yarahub_license = "CC0 1.0"
        yarahub_reference_md5 = "c344f584881e90d426235553fedacff3"
        yarahub_rule_matching_tlp = "CLEAR"
        yarahub_rule_sharing_tlp = "CLEAR"
        yarahub_uuid = "873ebbf5-9f83-4cf5-9670-b159211dd3c2"
    strings:
        // Machine-code fragments; `??` is a single-byte wildcard (stack offsets,
        // immediates). These look like x86-64 compiler output -- TODO confirm
        // each against a disassembly of the reference sample.
        $x64_0 = { F7 D8 49 C1 F8 3F 4D 21 E8 49 01 C0 4C 39 DE 74 04 }
        // NOTE(review): `E8 E2 0B 00 00` reads as a call with a fixed relative
        // displacement. That value depends on one build's code layout, so a
        // recompiled variant may not match -- consider wildcarding it after
        // testing against more samples.
        $x64_1 = { 18 B9 ?? ?? ?? ?? E8 E2 0B 00 00 48 8B 6C 24 ?? 48 83 C4 20 C3 }
        // NOTE(review): byte-for-byte identical to $x64_1. Both identifiers count
        // toward `5 of ($x64_*)`, so a single hit on this pattern supplies two of
        // the five and the effective bar becomes four distinct patterns. Decide
        // whether this was meant to be a different sequence.
        $x64_2 = { 18 B9 ?? ?? ?? ?? E8 E2 0B 00 00 48 8B 6C 24 ?? 48 83 C4 20 C3 }
        // Same instruction shape as $x64_0 with different register encodings.
        $x64_3 = { F7 DA 49 C1 FA 3F 4D 21 E2 49 01 C2 ?? ?? 48 39 F7 74 04 }
        $x64_4 = { 6C 24 40 48 89 44 24 ?? 48 89 7C 24 ?? 31 D2 45 31 C0 EB 17 }
        // NOTE(review): contains the 32-bit immediate 0x01000193 (16777619), a
        // multiplier also used by Go's standard-library Rabin-Karp string search.
        // This pattern, and possibly the related loops in $x64_8 / $x64_9, may
        // therefore come from runtime/library code shared by unrelated Go
        // binaries rather than from family-specific logic -- verify.
        $x64_5 = { 8D 5E ?? 45 69 E1 93 01 00 01 44 0F B6 2C 30 47 8D 0C 2C 4C 89 DE 49 39 F0 7E 0B }
        $x64_6 = { 48 89 4C 24 ?? 48 89 7C 24 ?? 44 89 54 24 ?? 89 54 24 ?? 41 39 D1 75 44 }
        // NOTE(review): `E8 C9 08 06 00` is another fixed call displacement; same
        // build-specific brittleness as in $x64_1.
        $x64_7 = { 08 48 ?? 5C 24 10 E8 C9 08 06 00 48 8B 44 24 ?? 48 8B 5C 24 ?? EB BD }
        $x64_8 = { 48 F7 C7 01 00 00 00 45 0F 45 D1 48 D1 FF 45 0F AF C0 45 89 D1 48 85 FF 7F DF }
        $x64_9 = { 0F B6 14 31 43 8D 14 11 4C 89 C6 ?? 48 39 F7 7F E3 }
        // Identifier-like text strings, matched in both single-byte (ascii) and
        // UTF-16LE (wide) form. Presumably function or method names left in the
        // binary -- confirm. If the x64 patterns above turn out to be generic Go
        // code, these strings carry most of the rule's specificity.
        $s_0 = "HttpJob" ascii wide
        $s_1 = "SayHallo" ascii wide
        $s_2 = "StartJob" ascii wide
        $s_3 = "FastRequest" ascii wide
        $s_4 = "SetStatToBot" ascii wide
        $s_5 = "GetTargets" ascii wide
    condition:
        // Size cap keeps scanning cheap. There is no file-format (magic header)
        // check, so any file under 10MB that meets both thresholds matches.
        filesize < 10MB and (5 of ($x64_*)) and (3 of ($s_*))
} |
Category | |
Type | Yara Rule |
Misp Type | |
Description |