[Community-sigs] Win.Trojan.PW_Steeler

Askar Dyussekeyev dyussekeyev at yandex.kz
Sun Apr 9 12:03:45 EDT 2017


Hello!

There is a logical signature for a password stealer that looks for specific strings:

Win.Trojan.PW_Steeler;Target:1;(0>2)&(1|(2>2)|(3>2)&4&5&6&7&8);505720537465656C6572;544849532049532041205649525553;444F4E542055534520495420544F20535445414C204F544845522050415353574F5244;464F5220454455434154494F4E414C20505552504F5345204F4E4C59;460069007200650066006F007800;47006F006F0067006C00650020004300680072006F006D006500;530061006600610072006900;5300650061004D006F006E006B0065007900;590061006E00640065007800

Samples:
- https://virustotal.com/ru/file/0ca0e4d19ea289d31b496d09865c3b02bd08ac366f593c35da81b49393bd3284/analysis/1491752221/
- https://virustotal.com/ru/file/069a0d21d22b4ea29b258a9af7ced75fa3c06862631226f8479159c874caabe0/analysis/1491752238/

Best regards,
Askar
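
To review what the signature above matches, the following added example (not part of the original post) splits the line into its fields, decodes each hex subsignature to text, and checks that the logical expression refers only to subsignatures that exist. The helper names `decode_subsig`, `parse_ldb` and `lint` are hypothetical, and subsignatures with wildcards or modifiers are passed through undecoded.

```python
import re

# The logical signature from the post, one list item per ';'-separated field.
SIG = ";".join([
    "Win.Trojan.PW_Steeler", "Target:1", "(0>2)&(1|(2>2)|(3>2)&4&5&6&7&8)",
    "505720537465656C6572",
    "544849532049532041205649525553",
    "444F4E542055534520495420544F20535445414C204F544845522050415353574F5244",
    "464F5220454455434154494F4E414C20505552504F5345204F4E4C59",
    "460069007200650066006F007800",
    "47006F006F0067006C00650020004300680072006F006D006500",
    "530061006600610072006900",
    "5300650061004D006F006E006B0065007900",
    "590061006E00640065007800",
])

def decode_subsig(hexstr):
    """Return (encoding, text) for a plain-hex subsignature."""
    try:
        raw = bytes.fromhex(hexstr)
    except ValueError:  # wildcards such as ??, * or {n} are not plain hex
        return ("pattern", hexstr)
    # Heuristic: every second byte is zero -> UTF-16LE (Windows wide string).
    if len(raw) >= 2 and len(raw) % 2 == 0 and not any(raw[1::2]):
        return ("utf-16le", raw.decode("utf-16-le"))
    return ("ascii", raw.decode("ascii", errors="replace"))

def parse_ldb(line):
    """Split an .ldb line into name, target block, expression, subsignatures."""
    name, tdb, expr, *subsigs = line.strip().split(";")
    tdb_fields = dict(kv.split(":", 1) for kv in tdb.split(","))
    # Subsignature indexes are the numbers NOT preceded by a comparator;
    # numbers after '>', '<', '=' or ',' are match counts.
    used = sorted({int(n) for n in re.findall(r"(?<![=<>,\d])\d+", expr)})
    return {"name": name, "tdb": tdb_fields, "expr": expr, "used": used,
            "subsigs": [decode_subsig(s) for s in subsigs]}

def lint(sig):
    """Report expression indexes with no subsignature, and unused ones."""
    n = len(sig["subsigs"])
    return {"out_of_range": [i for i in sig["used"] if i >= n],
            "unused": [i for i in range(n) if i not in sig["used"]]}

if __name__ == "__main__":
    sig = parse_ldb(SIG)
    print(sig["name"], sig["tdb"], sig["expr"])
    for i, (enc, text) in enumerate(sig["subsigs"]):
        print(f"  {i}: [{enc}] {text!r}")
    print("lint:", lint(sig))
```

Subsignatures 0 to 3 decode as ASCII banner strings and 4 to 8 as UTF-16LE browser names, which is what a reviewer would weigh when judging the false-positive risk of the expression.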


