Sneed-Group/Sneed-Reactivity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Sneed-Reactivity/yara-mikesxrs/Vinsula/Vinsula_Sayad_Client_infostealer.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK 
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00

36 lines
No EOL
1.1 KiB
Text
Raw Permalink Blame History

rule Vinsula_Sayad_Client : infostealer
{
meta:
copyright = "Vinsula, Inc"
description = "Sayad Infostealer Client"
version = "1.0"
actor = "Sayad Client"
in_the_wild = true
reference = "http://vinsula.com/2014/07/20/sayad-flying-kitten-infostealer-malware/"
strings:
$pdbstr = "\\Projects\\C#\\Sayad\\Source\\Client\\bin\\x86\\Debug\\Client.pdb"
$sayadconfig = "base.dll" wide
$sqlite3str = "sqlite3.dll" nocase
$debugstr01 = "Config loaded" wide
$debugstr02 = "Config parsed" wide
$debugstr03 = "storage uploader" wide
$debugstr04 = "updater" wide
$debugstr05 = "keylogger" wide
$debugstr06 = "Screenshot" wide
$debugstr07 = "sqlite found & start collectiong data" wide
$debugstr08 = "Machine info collected" wide
$debugstr09 = "browser ok" wide
$debugstr10 = "messenger ok" wide
$debugstr11 = "vpn ok" wide
$debugstr12 = "ftp client ok" wide
$debugstr13 = "ftp server ok" wide
$debugstr14 = "rdp ok" wide
$debugstr15 = "kerio ok" wide
$debugstr16 = "skype ok" wide
$debugstr17 = "serialize data ok" wide
$debugstr18 = "Keylogged" wide
condition:
all of them
}
Reference in a new issue View git blame Copy permalink