UnpacMe Weekly: Extractor Updates

This week we have been working through a maintenance sprint focusing on improving core services in UnpacMe. We have also updated several malware configuration extractors such as Azorult & AsyncRat, and added new extractors for LummaStealer and Remcos.

LummaStealer

LummaStealer was first observed in the wild (ITW) in August of 2022. The stealer contains functionality commonly observed in other similar malware families, such as targeting cryptocurrency wallets and browser data.

An example of the extracted LummaStealer configuration is shown below.

Example of extracted LummaStealer Configuration

Remcos

Remcos is a Remote Access Trojan (RAT) that has been around for several years. The malware is often distributed by loaders such as PrivateLoader via large-scale spam campaigns leveraging.

An example of the extracted Remcos configuration is shown below.

Example of extracted Remcos Configuration

As always, if you have any feedback or issues please let us know.

Happy Unpacking!