Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- rule RAT
- {
- meta:
- description = "RAT"
- author = "James_inthe_box"
- reference = "https://app.any.run/tasks/1069b823-94b8-48d0-8db4-5bed15fe4b35/"
- date = "2019/11"
- maltype = "RAT"
- strings:
- $string1 = "%Y-%m-%d_%H-%M-%S.mp3" wide ascii
- $string2 = "®key=" wide ascii
- $string3 = "regname=" wide ascii
- $string4 = "[Rename]" wide ascii
- $string5 = "Screen_" wide ascii
- $string6 = "%Y-%m-%d_%H-%M-%S.jpg" wide ascii
- $string7 = "Webcam_" wide ascii
- $string8 = "App_" wide ascii
- $string9 = "Chat_" wide ascii
- $string10 = "Web_" wide ascii
- $string11 = "Keys_" wide ascii
- condition:
- all of ($string*)
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement