valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-06 18:15:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

GrandCrab malware

Browse Source
This commit is contained in:
Florian Roth 2018-04-24 11:22:46 +02:00
parent b2448ab324
commit 8d6d3b36ae
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
yara/crime_mal_grandcrab.yar Normal file
View File

@ -0,0 +1,12 @@
import "pe"
rule MAL_GandCrab_Apr18_1 {
meta:
description = "Detects GandCrab malware"
author = "Florian Roth"
reference = "https://twitter.com/MarceloRivero/status/988455516094550017"
date = "2018-04-23"
hash1 = "6fafe7bb56fd2696f2243fc305fe0c38f550dffcfc5fca04f70398880570ffff"
condition:
uint16(0) == 0x5a4d and filesize < 800KB and pe.imphash() == "7936b0e9491fd747bf2675a7ec8af8ba"
}