Update backdoor_shamanic.yar

albertzsigovits · Feb 15, 2023 · c0f177c · c0f177c
1 parent 2d117ce
commit c0f177c
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/malware/backdoor_shamanic.yar b/malware/backdoor_shamanic.yar
@@ -1,12 +1,12 @@
 rule Backdoor_Shamanic_Golang : windows malware backdoor shamanic golang {
-	meta:
+    meta:
         author = "albertzsigovits"
         created_date = "2023-01-13"
         last_updated_date = ""
         version = "0"
         threat = "Backdoor.Shamanic.A"
         sha256 = "fb18a869139f1c7f2e182d1f1d0ac4db232d93a0c3ac89dc8dadf13077de9910"
-	strings:
+    strings:
         $pdb = "Go build ID: \"hcVddaNK5rx6heao1eoJ/u37oG70mHTJY1vCNtMHu/D-Je_IxqqGnZi8XzHeZ4/3JXFlEhWlY--Y1mFTtQ6\"" ascii wide
         $str1 = "github.com/whiterabb17/shaman" ascii wide
         $str2 = "D:/Repos/Shamanic/Shamanic/package" ascii wide
@@ -18,7 +18,7 @@ rule Backdoor_Shamanic_Golang : windows malware backdoor shamanic golang {
         $git2 = "github.com/mateuszmierzwinski/filescanner" ascii wide
         $git3 = "github.com/vova616/screenshot" ascii wide
         $git4 = "github.com/StackExchange/wmi" ascii wide
-	condition:
+    condition:
 		uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550
         and (
               (1 of ($str*) and 1 of ($shaman*) and 1 of ($git*))