Supported malware families for config extraction

Malware configuration extraction is crucial as it provides critical insights into the inner workings of malicious software. By uncovering details such as Command and Control servers, campaign identifiers, and other settings, cybersecurity experts can develop targeted countermeasures. This knowledge empowers them to detect, prevent, and mitigate the impact of malware attacks more effectively. In essence, malware configuration extraction serves as a key tool in fortifying digital defenses against evolving and sophisticated threats.

Our malware configuration extraction system can extract the configuration of over 14 malware families. Samples of each family can also be searched by the tag listed in the second column of the table below:

| Supported malware name | Tag to search for in MetaDefender Sandbox |
|---|---|
| Agent Tesla | agenttesla |
| Async RAT | asyncrat |
| Azorult | azorult |
| Bitter RAT | bitter_zxxz |
| Caliber | 44caliber |
| Citadel | citadel |
| Cobalt Strike | cobalt |
| DarkCloud stealer | darkcloud |
| Dridex stealer | dridex_loader |
| Dynamic RAT | dynamicrat |
| Emotet | emotet |
| Formbook | formbook |
| Hancitor | hancitor |
| IcedID (BokBot) | icedid_peloader, icedid_photoloader |
| Knotweed | knotweed_jumplump |
| Latrodectus | latrodectus |
| LimeRAT | limerat |
| Lumma Stealer | lummastealer |
| njRAT | njrat |
| MetaStealer | metastealer |
| Qakbot | qakbot |
| RedLine | redline |
| Remcos | remcos |
| ReZer0 | rezer0 |
| Roboski | roboski |
| Smoke Loader | smokeloader |
| Snake Keylogger | snake_keylogger |
| Stealc | stealc |
| Voldemort | voldemort |
| Xworm | xworm |
| ZLoader | zloader |

RedLine malware stands out as one of the most prevalent threats encountered in the wild. This info stealer is notorious for its ability to clandestinely gather sensitive information while potentially deploying additional malicious payloads. Its adaptability and widespread availability make it a significant threat, causing financial losses and data exposure for both individuals and businesses. Extracting the malware configuration is of paramount importance, as it unveils critical details about RedLine's Command and Control (C2) infrastructure, campaign identifiers, and other significant settings needed to understand its behavior. This intelligence enables cybersecurity experts to develop targeted countermeasures, enhancing their capacity to detect, prevent, and mitigate the impact of RedLine attacks.

Let's see how the Sandbox detects a RedLine sample and successfully extracts its configuration, recovering a new IOC that was previously encrypted.
