Sneed-Reactivity/yara-mikesxrs/Intezer/ElectroRAT

rule ElectroRAT
{
  strings:
      $str1 = "registerUser.go"
      $str2 = "osinfo.go"
      $str3 = "machineid.go"
      $str4 = "downloadFile.go"
      $str5 = "hidefile_windows.go"
      $str6 = "systemcl.go"
      $str7 = "bin_linux.go"
      $str8 = "processKill.go"
      $str9 = "screenshot.go"
      $str10 = "uploadFolder.go"
      $str11 = "bin_windows.go"
      $str12 = "mdworker.go"
      $str13 = "bin_darwin.go"
      $str14 = "hidefile.go"

  condition:
     3 of them
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 12:43:35 -05:00			`rule ElectroRAT`
			`{`
			`strings:`
			`$str1 = "registerUser.go"`
			`$str2 = "osinfo.go"`
			`$str3 = "machineid.go"`
			`$str4 = "downloadFile.go"`
			`$str5 = "hidefile_windows.go"`
			`$str6 = "systemcl.go"`
			`$str7 = "bin_linux.go"`
			`$str8 = "processKill.go"`
			`$str9 = "screenshot.go"`
			`$str10 = "uploadFolder.go"`
			`$str11 = "bin_windows.go"`
			`$str12 = "mdworker.go"`
			`$str13 = "bin_darwin.go"`
			`$str14 = "hidefile.go"`

			`condition:`
			`3 of them`
			`}`