Kutaki yara

1. artifiacts
2. hyuder.exe
3. C:\barebareseh\spainkl\60-Restaurant\Restaurant Master.vbp
4. C:\barebareseh\spainkl\56 - cdexplore\prjcdhtmlexp.vbp
5. C:\comyeapna\chukahai\new project - 27\Project1.vbp
6.  
7. b15159115e17a28c1e1bda2151fddb8b0289ed12078309be982cf885f03ec126
8. 7a95219d97fb2ea650886fb84dfda9aa874123b7cef5b387de5aebcec3b82097
9. 54a9855383674e1b5bb22d719846cfc76758bca65804b0fd217bc2efa28250de
10.  
11. yara sig
12. rule Kutaki_bin
13. {
14. meta:
15. description = "Kutaki"
16. author = " James_inthe_box"
17. reference = "54a9855383674e1b5bb22d719846cfc76758bca65804b0fd217bc2efa28250de"
18. date = "2019/01"
19. maltype = "Bot"
20.  
21. strings:
22. $mz = { 4d 5a }
23. $string1 = "S u r e" wide
24. $string2 = "saverbro" wide
25. $string3 = "Want To Clear Log" wide
26. $string4 = "achibat" wide
27. $string5 = "LoginSucceeded"
28.  
29. condition:
30. ($mz at 0) and (all of ($string*))
31. }
32.  
33. rule Kutaki_mem
34. {
35. meta:
36. description = "Kutaki"
37. author = " James_inthe_box"
38. reference = "54a9855383674e1b5bb22d719846cfc76758bca65804b0fd217bc2efa28250de"
39. date = "2019/01"
40. maltype = "Bot"
41.  
42. strings:
43. $string1 = "S u r e" wide
44. $string2 = "saverbro" wide
45. $string3 = "Want To Clear Log" wide
46. $string4 = "achibat" wide
47. $string5 = "LoginSucceeded"
48.  
49. condition:
50. all of ($string*)
51. }