From 3599253d74f919a5f3cf7e35f545cd8a6abb5851 Mon Sep 17 00:00:00 2001
From: Hugo Caron
Date: Wed, 9 Aug 2023 21:47:59 +0200
Subject: [PATCH] Add hash algorithm for unknown Mythic agent
---
algorithms/mythic_unknown.py | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 algorithms/mythic_unknown.py
diff --git a/algorithms/mythic_unknown.py b/algorithms/mythic_unknown.py
new file mode 100644
index 0000000..5a36334
--- /dev/null
+++ b/algorithms/mythic_unknown.py
@@ -0,0 +1,19 @@
+#!/usr/bin/env python
+
+DESCRIPTION = "API hash find in an unknown Mythic agent, need a XOR key"
+# Type can be either 'unsigned_int' (32bit) or 'unsigned_long' (64bit)
+TYPE = "unsigned_int"
+# Test must match the exact has of the string 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
+TEST_1 = 3762100525
+
+
+def hash(data):
+ crc = 0xffffffff
+ for val in data:
+ for _ in range(8):
+ tmp = crc
+ crc = crc >> 1 & 0xffffffff
+ if (val ^ tmp) & 1 != 0:
+ crc ^= 0xedb88320
+ val = val >> 1 & 0xffffffff
+ return crc
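Review bot: Neither the `DESCRIPTION` string nor `hash()` says what this routine is, which makes the entry hard to match during triage: the loop is the bit-at-a-time reflected CRC-32 (polynomial `0xedb88320`, initial value `0xffffffff`) with the final inversion left out, so for bytes input it should equal `zlib.crc32(data) ^ 0xffffffff`. I would say so in the description, e.g. `DESCRIPTION = "CRC-32 without the final XOR, found in an unidentified Mythic agent; stored hashes are XORed with a per-sample key"`, and add a comment above `hash()` stating that the key is applied by the caller, since the function takes no key. The wording about the key is my reading of "need a XOR key" and should be confirmed against the sample. The `& 0xffffffff` on `val >> 1` has no effect when `data` is bytes and can be dropped.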