There is no description at this point.
import "pe"

rule win_paradies_clipper_w0 {
    meta:
        author = "igal lytzki"
        malware_family = "Paradies Clipper"
        date = "18/01/2023"
        version = "1.0"
        sha256 = "4df448d36e3409ecd712702ef66dba779d81961ae364243ccc0e2e5a6cb39334"
        malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.paradies_clipper"
        malpedia_rule_date = "20230209"
        malpedia_hash = ""
        malpedia_version = "20230209"
        malpedia_license = ""
        malpedia_sharing = "TLP:WHITE"

    strings:
        // Regular expressions matching cryptocurrency wallet address formats
        $cryptoWallet1 = /(bc1)[a-zA-HJ-NP-Z0-9]{25,39}/                    // Bitcoin bech32-style ("bc1" prefix)
        $cryptoWallet2 = /0x[a-fA-F0-9]{40}/                                // Ethereum-style (0x + 40 hex characters)
        $cryptoWallet3 = /r[0-9a-zA-Z]{24,34}/                              // Ripple-style ("r" prefix)
        $cryptoWallet4 = /D{1}[5-9A-HJ-NP-U]{1}[1-9A-HJ-NP-Za-km-z]{32}/    // Dogecoin-style ("D" prefix)
        $cryptoWallet5 = /[L][a-km-zA-HJ-NP-Z1-9]{26,33}/                   // Litecoin legacy-style ("L" prefix)
        $cryptoWallet6 = /ltc1[a-z0-9]{39,59}/                              // Litecoin bech32-style ("ltc1" prefix)
        $cryptoWallet7 = /4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}/                 // Monero-style ("4" prefix, 95 characters)
        $cryptoWallet8 = /X[1-9A-HJ-NP-Za-km-z]{33}/                        // Dash-style ("X" prefix)
        $userAgent = "hitman" ascii wide

    condition:
        // PE file ("MZ" header), at least three wallet patterns, more than two
        // occurrences of the "hitman" string, and both clipboard read/write imports
        uint16(0) == 0x5a4d and
        3 of ($cryptoWallet*) and
        #userAgent > 2 and
        pe.imports("User32.dll" ,"GetClipboardData") and
        pe.imports("User32.dll" ,"SetClipboardData")
}