rule fox_stealer_mem
{
    strings:
        // $a1-$a4 are base64-encoded literals matched as UTF-16LE ("wide")
        $a1 = "aHR0cDovLw==" wide    // base64 of "http://"
        // base64 of a Chrome 64 on Windows NT 6.1 User-Agent string
        $a2 = "TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgNi4xOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNjQuMC4zMjgyLjExOSBTYWZhcmkvNTM3LjM2" wide
        $a3 = "L2xpc3QucGhw" wide    // base64 of "/list.php"
        $a4 = "L3Bvc3QucGhw" wide    // base64 of "/post.php"
        $a5 = "My Own Capture Window" wide
        $a6 = "MY_ATOM_FOR_CONTROL" wide
        $a7 = "\\Lists\\InfoPC.txt" wide

        // Output paths, a shell command and debug strings
        $b1 = "\\Lists\\Password.txt" wide
        $b2 = "\\Lists\\Cookies" wide
        $b3 = "\\Lists\\Autofill.txt" wide
        $b4 = "\\Lists\\Steam\\config" wide
        $b5 = "\\Steam\\config" wide
        $b6 = "Telegram Desktop\\tdata" wide
        $b7 = "\\Lists\\screenshot" wide
        $b8 = "netsh wlan show networks mode=bssid" wide
        $b9 = "\\Lists\\BSSID.txt" wide
        $b10 = "\\Lists\\Discord\\Cookies" wide
        $b11 = "\\Lists\\FileZilla\\recentservers.xml" wide
        $b12 = "\\Lists\\ScreenCam.bmp" wide
        $b13 = "Error at hooking API \"%S\"" wide
        $b14 = "Dumping first %d bytes:" wide

    condition:
        // Require both groups: at least 3 of $a* and at least 7 of $b*
        3 of ($a*) and 7 of ($b*)
}