// YARA rule `dropper`, tagged `realshell` (YARA syntax is `rule <name> : <tags>`).
// The meta block points at the Malwarebytes write-up this rule was derived from.
rule dropper : realshell
{
    meta:
        source = "https://blog.malwarebytes.org/mobile-2/2015/06/complex-method-of-obfuscation-found-in-dropper-realshell/"

    strings:
        // Short, generic ASCII literal. Because the condition accepts either
        // string alone, this one can fire on unrelated files.
        // NOTE(review): measure the false-positive rate on a clean corpus before
        // using this rule for alerting.
        $a = "hexKey:"

        // Run of native symbol names, including a JNI export name.
        // The dots are literal '.' bytes in a YARA text string.
        // NOTE(review): if this was copied from a strings dump that rendered NUL
        // separators as dots, it will not match the binary. Confirm against a sample.
        $b = "Decrypt.malloc.memset.free.pluginSMS_encrypt.Java_com_skymobi_pay_common_util_LocalDataDecrpty_Encrypt.strcpy"

    condition:
        // Either string is sufficient (same as `any of them` over $a and $b).
        $a or $b
}