[Community-sigs] Win.Trojan.PW_Steeler

Christopher Marczewski cmarczewski at sourcefire.com
Mon Apr 10 13:38:55 EDT 2017


Askar,

Thank you for the submission. We're reviewing the signature & will keep you
posted.

On Sun, Apr 9, 2017 at 12:31 PM, Askar Dyussekeyev <dyussekeyev at yandex.kz>
wrote:

> Update for last signature:
>
> Win.Trojan.PW_Steeler;Target:1;(0>2)&(1|(2>2)|(3>2))&4&5&6&7&8;505720537465656C6572;544849532049532041205649525553;444F4E542055534520495420544F20535445414C204F544845522050415353574F5244;464F5220454455434154494F4E414C20505552504F5345204F4E4C59;460069007200650066006F007800;47006F006F0067006C00650020004300680072006F006D006500;530061006600610072006900;5300650061004D006F006E006B0065007900;590061006E00640065007800
>
>
> 09.04.2017, 22:04, "Askar Dyussekeyev" <dyussekeyev at yandex.kz>:
> > Hello!
> >
> > There is a logical signature for a password stealer that looks for specific strings:
> >
> > Win.Trojan.PW_Steeler;Target:1;(0>2)&(1|(2>2)|(3>2)&4&5&6&7&8);505720537465656C6572;544849532049532041205649525553;444F4E542055534520495420544F20535445414C204F544845522050415353574F5244;464F5220454455434154494F4E414C20505552504F5345204F4E4C59;460069007200650066006F007800;47006F006F0067006C00650020004300680072006F006D006500;530061006600610072006900;5300650061004D006F006E006B0065007900;590061006E00640065007800
> >
> > Samples:
> > - https://virustotal.com/ru/file/0ca0e4d19ea289d31b496d09865c3b02bd08ac366f593c35da81b49393bd3284/analysis/1491752221/
> > - https://virustotal.com/ru/file/069a0d21d22b4ea29b258a9af7ced75fa3c06862631226f8479159c874caabe0/analysis/1491752238/
> >
> > Best regards,
> > Askar
> > _______________________________________________
> > Community-sigs mailing list
> > Community-sigs at lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
> >
> > http://www.clamav.net/contact.html#ml



-- 
Christopher Marczewski
Research Engineer
Talos Group
cmarczewski at sourcefire.com
Phone: 443.832.2975
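
An added example, not part of the original message and not ClamAV code: a short Python script that splits the updated logical signature into its fields, decodes each hex subsignature (ASCII or UTF-16LE), and checks that the indexes used in the logical expression line up with the subsignatures supplied. The function names are hypothetical, and it assumes plain hex subsignatures with no wildcards.

```python
import re

# Updated signature from the message, rejoined onto one line.
SIG = (
    "Win.Trojan.PW_Steeler;Target:1;(0>2)&(1|(2>2)|(3>2))&4&5&6&7&8;"
    "505720537465656C6572;544849532049532041205649525553;"
    "444F4E542055534520495420544F20535445414C204F544845522050415353574F5244;"
    "464F5220454455434154494F4E414C20505552504F5345204F4E4C59;"
    "460069007200650066006F007800;"
    "47006F006F0067006C00650020004300680072006F006D006500;"
    "530061006600610072006900;5300650061004D006F006E006B0065007900;"
    "590061006E00640065007800"
)

def decode_subsig(hexstr):
    """Return (encoding, text) for a plain hex subsignature (no wildcards)."""
    raw = bytes.fromhex(hexstr)
    # Wide (UTF-16LE) strings of ASCII text have a NUL in every second byte.
    if raw and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
        return "utf-16le", raw.decode("utf-16le")
    return "ascii", raw.decode("ascii")

def parse_ldb(line):
    """Split a logical signature into name, target block, expression, subsigs."""
    name, tdb, expr, *subsigs = line.strip().split(";")
    return {"name": name, "tdb": tdb, "expr": expr,
            "subsigs": [decode_subsig(s) for s in subsigs]}

def lint(sig):
    """Return (indexes used but undefined, subsigs defined but never used)."""
    # A number that follows >, <, = or , is a match count, not a subsig index.
    used = {int(m) for m in re.findall(r"(?<![<>=,\d])\d+", sig["expr"])}
    defined = set(range(len(sig["subsigs"])))
    return sorted(used - defined), sorted(defined - used)

if __name__ == "__main__":
    sig = parse_ldb(SIG)
    print(sig["name"], sig["tdb"], sig["expr"])
    for i, (enc, text) in enumerate(sig["subsigs"]):
        print(f"  subsig {i} [{enc}]: {text!r}")
    print("undefined / unused indexes:", lint(sig))
```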


