UnpacMe Weekly: Extractor Updates

This week we've updated several malware configuration extractors, including those for Qakbot, Snake Keylogger, and Raccoon Stealer. We've also added 2 new extractors to UnpacMe for Icarus Stealer and ISFB.

Icarus Stealer

Icarus is a .NET-based information stealer which was recently seen being sold online and distributed in the wild. The malware was also observed deploying the open-source r77 rootkit.

An example of the Icarus malware configuration is shown below.

Example of Icarus Stealer Malware Configuration


ISFB

ISFB malware has been around for several years and has evolved into several distinct branches. We've added a configuration extractor for the ISFB Main Module.

An example of the malware configuration extracted in UnpacMe is shown below.

Example of ISFB Main Module Configuration

As always, if you have any feedback or issues, please let us know.

Happy Unpacking!