Skip to content

Commit

Permalink
Create MSAN_Locker.yar
Browse files Browse the repository at this point in the history
  • Loading branch information
deathrobotpunch authored Dec 4, 2024
1 parent 0f93570 commit 8bb1792
Showing 1 changed file with 16 additions and 0 deletions.
16 changes: 16 additions & 0 deletions malware/MSAN_Locker.yar
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
rule MSAN_locker
{
meta:
author = "Deathrobotpunch1"
description = "MSAN Locker YARA rule"
sha256_1 = cd87a63ad8a77a82f135401033e862de308286458273615a17c3013da65ad79a
sha256_2 = 33cadf8ff779d9d48135c5d9ea7b9b79ad59411c246df3f4421cc895548d07c4
sha256_3 = 78e72c3f93e794d0eb8a7685e536cc2d1045cfb5c3d9cb40de1c07e076ffb6a3

strings:
$hex_strings1 = {48 56 57 41 54 41 55 41 56 41 57 49}
$hex_strings2 = {41 32 84 24 4c 20 40 00}
$hex_strings3 = {4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 67 01 45 78 69 74 50 72 6F 63 65 73 73 00 42 02 47 65 74 45 6E 76 69 72 6F 6E 6D 65 6E 74 56 61 72 69 61 62 6C 65 41 00 4C 06 6C 73 74 72 63 70 79}
condition:
any of them
}

0 comments on commit 8bb1792

Please sign in to comment.