RATsConfigExtractor
Warning Don't get fooled by fake repos !
๐ What it does ?
This is a RAT(Remote Access Trojan) Config Extractor.
๐ก Features
- Scanning using YaraSharp for Yara Rules.
- Invoke Class corresponding to the Yara Rule Name.
- Try to avoid copying Decryption/Others function.
*) Awaiting star objectives
๐ฅ Preview
๐ ๏ธ Support
- Quasar (
1.4.1) - If you have an idea of RAT to support, please feel free to open a issue.
๐ Stars
- None for the moment.
Obviously, bots doesn't count and will be blocked.
๐ FAQ
Does it need to copy the whole decryption class/values ?
No.Can I use it on any RAT ?
Not really, ref: https://github.com/TheHellTower/RATsConfigExtractor#%EF%B8%8F-supportCan I suggest a RAT ?
Yes, ref: https://github.com/TheHellTower/RATsConfigExtractor#%EF%B8%8F-supportWhat does it do exactly ?
It's printing the config to the console. (Can't retrieve the config names if they got obfuscated)Will you do a cleanup on this code ?
Well, good question.. I'm not sure yet. But it should be done if I get enough motivation.Can I support the project ?
Yes, you can either "sponsor" me with the button on my profile or donate by going there: https://github.com/TheHellTower#-support-my-work and read, if you want to donate through PayPal you can add me on Discord, click here to see my Discord: https://github.com/TheHellTower#-socials.Can I contribute to the project ?
Yes, feel free to fork it, updated it as you wish as long as you don't break it and open a PR that will be reviewed !I have a question, can I contact you ?
Yes you can either by opening a issue: https://github.com/TheHellTower/RATsConfigExtractor/issues/new or send me an email at: "thehelltower@tuta.io" or contact me on one of my socials here: https://github.com/TheHellTower#-socialsNote: Only for questions no code support.