hanconfig

v0.0.0-...-66b6c78
Published: Dec 3, 2021 License: GPL-3.0 Imports: 15 Imported by: 0

README


hanConfig

hanConfig is a static configuration extractor, implemented in Go, for the Hancitor loader (malware targeting Microsoft Windows; see Malpedia). By default it prints the extracted information to stdout; verbose output can be enabled with the -v flag. It can also dump the malware configuration to disk as a JSON file with the -j flag.

Usage

go run hanconfig.go [-j] [-v] path/to/unpacked_hancitor.dll

Screenshots

[Screenshot: the script itself, running in verbose mode and with JSON output enabled]

[Screenshot: a JSON file with the extracted configuration]

Testing

This configuration extractor has been tested successfully with the following samples:

SHA-256 Sample
ab2a474c3fd276095d7db5d78df356a572b1eee397ef1977facd8df214db3db0 Malshare
f4f18fd34162fda6ce4bef18228de8c1bdc1c5285abaf2fa73c1ccbe087a34dd Malshare

If you encounter an error with hanConfig, please file a bug report by opening an issue. Contributions are always welcome :)
