James_inthe_box

Hashes and yara rule

Jul 3rd, 2019
  1. possible C2 addresses and related indicators
  2. 217.69.8.255
  3. 92.168.43.234
  4. 1.187.1.187
  5. mark3
  6. P@SSaw1
  7.  
  8. sample hashes (SHA-256)
  9. 1af36966f11b887f69db9cc3c2e96cc7954fc3cf1ffeb97895eb790188c80b33
  10. 32fbd62a1fde794cdf95a67f22f47b495474cd18419ac4c37fbb5460cdfd1831
  11. 3b349f9c914149ae2f213005e5348181e9df99be93c69e8e52a606107228559c
  12. 4b4e429c41d873cba06f88cccffcbc56297069ab99d0537d39c4a5bb1f5e6c7e
  13. 5f3549f535eaf6ecd14d5a7a8eee15c7ef457ca53b3fad211eb9f74e59601f59
  14. 70759b35e1dc722d0cca6c41da134d5a35a62b675f4f79234f579b3792476396
  15. 87c4eb8201f9cf92aa5562d112fdd322a01899bcc38ba39e4f6ef92cbf144900
  16. cefb85b3aa0e72f8b2b97ee3551a8bf4751a3f26e011c0da6e5186dfd2f5f5d3
  17. d3d37dd7c8f1b1b900a7d5a3616bbd105b3a5c8c02f77f50d3af04ec809ad7f2
  18. fcb0d071a9384750adf88963eb580690effbe8b29942afa6a8e2566e9a4e94dd
  19.  
  20. YARA rules
  // On-disk variant: a Windows PE (MZ header) under 800KB that contains every
  // string below. The companion Unknown_malware_2_mem rule uses the same
  // strings for larger inputs (dumps) without the MZ check.
  rule Unknown_malware_2_bin
  {
      meta:
          description = "Unknown"
          author = "James_inthe_box"
          // NOTE(review): 32 hex digits (MD5 length) — it is not one of the
          // SHA-256 values listed above, so it cannot be cross-checked against them
          // directly; confirm which sample it refers to.
          reference = "183d04fbd11553b2d650303a9118e294"
          date = "2019/07"
          maltype = "Unknown"

      strings:
          // Labels in UTF-16LE; presumably logon-related output — verify in the sample.
          $string1 = "Domain:" wide
          $string2 = "LogonUser:" wide
          // ASCII only; looks like a registry subkey path — confirm against the sample.
          $string3 = "software\\intel\\java"
          // Windows command names, UTF-16LE.
          $string4 = "taskkill" wide
          $string5 = "reg delete" wide
          $string6 = "flushdns" wide
          // ASCII artefact filename.
          $string7 = "pxry.dat"

      condition:
          // Cheap size and MZ checks first; all seven strings are required
          // (all strings in this rule match the $string* wildcard, so "them" is
          // equivalent). Several strings are generic on their own, which is why
          // the rule requires all of them.
          filesize < 800KB and uint16(0) == 0x5A4D and all of them
  }
  42.  
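  // Memory/dump variant: same strings as Unknown_malware_2_bin, no MZ check,
  // applied to inputs of 800KB or more. The *_bin rule stops at filesize < 800KB;
  // using ">=" here closes the gap so an input of exactly 800KB is not missed by
  // both rules.
  // NOTE(review): YARA's filesize is documented for file scans; it is undefined
  // when scanning a live process, so this rule is presumably meant for dumps
  // written to disk — confirm the intended scan target.
  rule Unknown_malware_2_mem
  {
      meta:
          description = "Unknown"
          author = "James_inthe_box"
          // NOTE(review): 32 hex digits (MD5 length), not one of the SHA-256
          // values listed above — confirm which sample it refers to.
          reference = "183d04fbd11553b2d650303a9118e294"
          date = "2019/07"
          maltype = "Unknown"

      strings:
          // Labels in UTF-16LE; presumably logon-related output — verify in the sample.
          $string1 = "Domain:" wide
          $string2 = "LogonUser:" wide
          // ASCII only; looks like a registry subkey path — confirm against the sample.
          $string3 = "software\\intel\\java"
          // Windows command names, UTF-16LE.
          $string4 = "taskkill" wide
          $string5 = "reg delete" wide
          $string6 = "flushdns" wide
          // ASCII artefact filename.
          $string7 = "pxry.dat"

      condition:
          // All seven strings are required: several are generic on their own and
          // would be noisy in large memory dumps if matched individually.
          all of ($string*) and filesize >= 800KB
  }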