How to install RATDecoders
cd RATDecoders
pip3 install -r requirements.txt
python3 setup.py install
Using the supplied command-line tool malconf, you can pass in a single file, or a directory with the -r flag, and it will attempt to automagically detect the family and extract any config.
You can also use the -o option to write results out to a file.
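For triage it helps to turn a run's console output into structured data. The following is an added example, not part of RATDecoders: it assumes the output layout of the AlienSpy run shown on this page (a "[-] Found:" line, then "[-] Config Output" followed by a Python dict), and the function names are hypothetical.

```python
import ast
import re

# Constructed sample of malconf console output, modelled on the AlienSpy run
# shown on this page; the values are placeholders, not real indicators.
SAMPLE_OUTPUT = """\
[+] Loading File: tests/samples/alienspy
[-] Found: AlienSpy
[-] Running Decoder
[-] Config Output
{'NAME': 'ok',
 'Version': 'B',
 'dns': '192.0.2.10',
 'folder': 'java'}
"""

FOUND_RE = re.compile(r"^\[-\] Found: (.+)$", re.MULTILINE)
MARKER = "[-] Config Output"


def parse_malconf_output(text):
    """Return (family, config dict) from one malconf run; config is None on failure."""
    found = FOUND_RE.search(text)
    family = found.group(1).strip() if found else None
    _, marker, tail = text.partition(MARKER)
    if not marker:
        return family, None
    start, end = tail.find("{"), tail.rfind("}")
    if start == -1 or end < start:
        return family, None  # dict missing or cut off before its closing brace
    try:
        # literal_eval accepts only Python literals, so text derived from a
        # hostile sample is never executed the way eval() would execute it.
        config = ast.literal_eval(tail[start:end + 1])
    except (ValueError, SyntaxError, TypeError):
        return family, None
    return family, config if isinstance(config, dict) else None


def defang(value):
    """Make a host or IP non-clickable before pasting it into tickets or reports."""
    return value.replace(".", "[.]")


if __name__ == "__main__":
    family, config = parse_malconf_output(SAMPLE_OUTPUT)
    print(family, defang(config["dns"]))
```
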
malconf
malconf -l
This will list all the supported RATs.
malconf /path/to/sample
This will automagically detect the family and run the decoder.
*Example by kevthehermit*
⇒ malconf tests/samples/alienspy
_ _ _ __ __
| \/ | _ _| |/ _|_ _ _ / _|
| |\/| |/ ` | | | / _ \| ' \| |_
| | | | (| | | || () | | | | _|
|| ||\_,||\_\_/|| ||_|
Malware Configuration Parser by @kevthehermit
[+] Loading File: tests/samples/alienspy
[-] Found: AlienSpy
[-] Running Decoder
[-] Config Output
{'ConfigKey': 'fzGUoTaQH3SUW7E82IKQK2J2J2IISIS',
'NAME': 'ok',
'Version': 'B',
'connetion_time': '0',
'desktop': 'true',
'dns': '213.208.129.211',
'extensionname': 'qQJ',
'folder': 'java',
'instalar': 'true',