Common Information
| Type | Value |
|---|---|
| Value |
rule allasenhamaycampaign_executorloader {
meta:
description = "Detects Delphi ExecutorLoader DLLs and executables."
references = "TRR240501"
date = "2024-05-28"
author = "HarfangLab"
context = "file,memory"
strings:
$delphi = "Embarcadero Delphi" ascii fullword
$s1 = "\\SysWOW64\\mshta.exe" wide fullword
$s2 = "\\System32\\mshta.exe" wide fullword
$s3 = "RcDll" wide fullword
$default1 = "Default_" wide fullword
$default2 = "Default~" wide fullword
condition:
$delphi and all of ($s*) and any of ($default*)
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |