(YARA) YARA_DebuggerCheck__RemoteAPI
rule DebuggerCheck__RemoteAPI {
meta:
description = "Rule to RemoteAPI debugger check"
author = "Thibault Seret"
date = "2020-09-26"
strings:
$s1 ="CheckRemoteDebuggerPresent"
condition:
any of them
}
Associated Techniques
No associated technique found so far.
Matching Samples 10 most recent
| Sample Name | Matching Techniques | First Seen | Last Seen |
|---|---|---|---|
| 5.exe | 9 | 2025-05-30 | 5 days, 2 hours ago |
| q.apk.exe | 8 | 2025-05-30 | 5 days, 2 hours ago |
| DgtAutoTTS.exe | 3 | 2025-05-06 | 4 weeks, 1 day ago |
| noui.exe | 8 | 2025-02-20 | 3 months, 2 weeks ago |
| msimg32.dll | 2 | 2025-01-14 | 4 months, 3 weeks ago |
| kernel32.dll | 13 | 2024-12-30 | 5 months ago |
| 3c703ecb3e8c54e352ff39fadbe7...f848bd69551b07bf2ed0a58744b9 | 6 | 2024-11-19 | 6 months, 2 weeks ago |
| implant.exe | 6 | 2024-11-18 | 6 months, 2 weeks ago |
| al-khaser.exe | 24 | 2024-11-13 | 6 months, 3 weeks ago |
Created
June 20, 2022
Last Revised
November 5, 2024