Supported malware families for config extraction

Malware configuration extraction is crucial because it provides critical insights into the inner workings of malicious software. By uncovering details such as Command and Control servers, campaign identifiers, and other settings, cybersecurity experts can develop targeted countermeasures. This knowledge empowers them to detect, prevent, and mitigate the impact of malware attacks more effectively. In essence, malware configuration extraction serves as a key tool in fortifying digital defenses against evolving and sophisticated threats.

Our malware configuration extraction system can extract the configuration of over 14 malware families. You can also search them by tags, which can be found as the second column of the table below:

Supported malware's name

Tag to search for in Filescan Sandbox

Agent Tesla

agenttesla

Async RAT

asyncrat

Azorult

azorult

Bitter RAT

bitter_zxxz

Caliber

44caliber

Citadel

citadel

DarkCloud stealer

darkcloud

Dridex stealer

dridex_loader

Dynamic RAT

dynamicrat

Emotet

emotet

Formbook

formbook

Hancitor

hancitor

IcedID (BokBot)

icedid_peloader icedid_photoloader

Knotweed

knotweed_jumplump

LimeRAT

limerat

RedLine

redline

Smoke Loader

smokeloader

ZLoader

zloader


RedLine malware stands out as one of the most prevalent threats encountered in the wild. This infostealer variant is notorious for its ability to clandestinely gather sensitive information while potentially deploying additional malicious payloads. Its adaptability and widespread availability make it a significant threat, causing financial losses and data exposure for both individuals and businesses. Extracting the malware configuration is of paramount importance as it unveils critical details about RedLine's Command and Control (C2) infrastructure, campaign identifiers, and others significant settings needed to know its behaviour. This intelligence enables cybersecurity experts to develop targeted countermeasures, enhancing the capacity to detect, prevent, and mitigate the impact of RedLine attacks.

Let's see how Filescan can detect a RedLine sample and extract succesfully its configuration, being able to extract a new IOC which was previously encrypted.