Skip to content

DMFR SECURITY

another security blog…

Reviews
About

Search for:

Tag: salsa20

100 Days of YARA – Day 8: Salsa20

On December 27, 2021December 24, 2021 By DanielIn 100 days of Yara2 Comments

Salsa20 is a stream cipher used by various ransomware software: https://appuals.com/grandcrab-ransomware-v4-1-2-theft-prevented-with-salsa20-algorithm/https://blogs.keysight.com/blogs/tech/nwvs.entry.html/2021/05/18/darkside_ransomware-QfsV.htmlhttps://www.acronis.com/en-us/articles/sodinokibi-ransomware/ I took a similar approach to the rules in previous posts to find MD5 and SHA256 implementations. I found a constant by reading the source code of a Salsa20 implementation on GitHub and looking for unique constants: https://github.com/alexwebr/salsa20/blob/master/salsa20.c#L118-L125 This was able to detect Sodinokibi …

Continue reading 100 Days of YARA – Day 8: Salsa20

Archives

February 2022 (12)
January 2022 (31)
December 2021 (15)
November 2021 (3)
October 2021 (7)
September 2021 (13)
August 2021 (13)
May 2021 (4)
April 2021 (23)
February 2021 (5)
January 2021 (6)
December 2020 (8)
February 2020 (2)
November 2019 (1)
October 2019 (2)
December 2018 (3)
July 2018 (1)
May 2017 (2)
April 2017 (5)
January 2017 (1)
December 2016 (4)

ascii assembler base64 binary C c++ cryptography CTF cyberchef ELF exiftool forensics golang hexadecimal hunting incident response java kali Linux malware netcat networking nmap pe pentesting persistence picoctf PowerShell procfs programming Python ransomware reversing reviews security shellcode shell scripting ssh steganography strings web win32 windows wireshark yara

Blog at WordPress.com.

Subscribe Subscribed
- DMFR SECURITY
- Already have a WordPress.com account? Log in now.