A Modular Malware Configuration Extraction Tool using MalDuck
Malware Configuration Extractor
A Malware Configuration Extraction Tool and Modules for MalDuck
This project is FREE as in FREE :beer:, use it commercially, privately or however you see fit.
If you like this project and wish to donate :moneybag: to support the fight against malware...
Buy me a :tea:, as I don't drink :beer:, by sending me some ₿ to 16oXesi7uv3jdPZxxwarHSD2f3cNMpaih9
Installation:
sudo apt install -y python-virtualenv python-is-python3 git-lfs
git clone --recursive https://github.com/c3rb3ru5d3d53c/mwcfg.git
cd mwcfg/
virtualenv venv/
source venv/bin/activate
./setup.py install
git lfs pull --include="tests/azorult.zip"
unzip -P infected tests/azorult.zip -d tests/
mwcfg --input tests/azorult/ --modules modules/ --threads 4 --debug
mwcfg --input tests/azorult/ --modules modules/ --list-modules
CLI Usage:
usage: mwcfg v1.0.0 [-h] [--version] [-i INPUT] -m MODULES [--list-modules] [-d] [-p] [-t THREADS] [-r] [-l LOG]

A Modular Malware Configuration Extraction Utility for MalDuck

optional arguments:
  -h, --help            show this help message and exit
  --version             show program's version number and exit
  -i INPUT, --input INPUT
                        Input File or Directory
  -m MODULES, --modules MODULES
                        Modules
  --list-modules
  -d, --debug           Debug
  -p, --pretty          Pretty Print Configs
  -t THREADS, --threads THREADS
                        Threads
  -r, --recursive       Recursive
  -l LOG, --log LOG     Log to File

Author: c3rb3ru5
Karton Framework Installation:
sudo apt install -y python-virtualenv python-is-python3 git-lfs
git clone --recursive https://github.com/c3rb3ru5d3d53c/mwcfg.git
cd mwcfg/
virtualenv venv/
source venv/bin/activate
./setup.py install
pip install karton-config-extractor
karton-config-extractor --config-file karton.ini --modules modules/
Contributing Modules:
Please refer to CONTRIBUTING.md
Additional Resources:
File details
Details for the file mwcfg-1.0.1.tar.gz.
File metadata
- Download URL: mwcfg-1.0.1.tar.gz
- Upload date:
- Size: 5.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/4.0.1 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.60.0 CPython/3.8.5
File hashes
Algorithm | Hash digest
---|---
SHA256 | d9b16c25760674d3a3d128bde87b2e68c0d83472dc114c90cfa9bafd77b3131a
MD5 | c098ab560045857904a03cef6540c127
BLAKE2b-256 | 22727c8f74db855f30c9ae92e327fffca3e027dcb96caef4fbf7ca75e6294ffe
File details
Details for the file mwcfg-1.0.1-py3-none-any.whl.
File metadata
- Download URL: mwcfg-1.0.1-py3-none-any.whl
- Upload date:
- Size: 6.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/4.0.1 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.60.0 CPython/3.8.5
File hashes
Algorithm | Hash digest
---|---
SHA256 | 69cbd6fb86202f332557153e69d8723db02c24f417c155b538f63a8316778dd1
MD5 | 898fa72c4f70ebac695df196085f275c
BLAKE2b-256 | 830152061e609c68c2bbf4a68668b413a986f2095f72e183c8c7e07effea733f