UnpacMe Weekly: Extractor Updates
This week we've updated several malware configuration extractors including Qakbot, Snake Keylogger, Raccoon Stealer, Icarus Stealer, and ISFB.
This week we've updated several malware configuration extractors such as Qakbot, Snake Keylogger, and Raccoon Stealer. We've also added 2 new extractors to UnpacMe for Icarus Stealer and ISFB.
Icarus Stealer
Icarus is a .NET based information stealer which was recently seen being sold online and distributed in the wild. The malware was also observed deploying the open source r77 rootkit.
An example of the Icarus malware configuration is shown below.
ISFB
ISFB malware has been around for several years and has evolved over several distinct branches of the malware. We've added a configuration extractor for ISFB Main Module.
An example of the malware configuration extracted in UnpacMe is shown below.
As always, if you have any feedback or issues please let us know.
Happy Unpacking!