API tools faq
paste
James_inthe_box

404k keylogger stealer yara

James_inthe_box
Jan 13th, 2020
13,514
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.10 KB | None | 0 0
raw download clone embed print report
  1. rule k_404_keylogger_bin
  2. {
  3. meta:
  4. description = "404k keylogger stealer"
  5. author = "James_inthe_box"
  6. reference = "dee0e0be670ab59a25129f2da51db6b7"
  7. date = "2019/01"
  8. maltype = "Keylogger"
  9.  
  10. strings:
  11. $string1 = "opera_salt"
  12. $string2 = "set_loloa"
  13. $string3 = "PSWD | Client Name" wide
  14. $string4 = "api_paste_code" wide
  15. $string5 = "Lockdown2000" wide
  16. $string6 = "wow_logins" wide
  17.  
  18. condition:
  19. uint16(0) == 0x5A4D and all of ($string*) and filesize < 300KB
  20. }
  21.  
  22. rule k_404_keylogger_mem
  23. {
  24. meta:
  25. description = "404k keylogger stealer"
  26. author = "James_inthe_box"
  27. reference = "dee0e0be670ab59a25129f2da51db6b7"
  28. date = "2019/01"
  29. maltype = "Keylogger"
  30.  
  31. strings:
  32. $string1 = "opera_salt"
  33. $string2 = "set_loloa"
  34. $string3 = "PSWD | Client Name" wide
  35. $string4 = "api_paste_code" wide
  36. $string5 = "Lockdown2000" wide
  37. $string6 = "wow_logins" wide
  38.  
  39. condition:
  40. all of ($string*) and filesize > 300KB
  41. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!