DarkGate:

The configuration extractor was tested on the following samples:

e01cf9500da5d233d3f6e64f53933e9a2992c79273b73651a1ecbc6e9417bfeb c0ff92772cdf520a5b9791923bb246cb310be639e452ecbafcf6c3a57d0a5e31

SolarMarker (August 2023):

The payload extractor was tested on the following samples:

a0114420ff98f4f09df676527add4ccaaf4326b4bd0c87b153d1ea71adf50022 250fe7be536bb8674dd7e0e7c4de2ca1e3311ed657181d950dda6590a3bded51

LummaC2

The configuration extractor was tested on the following samples:

111364143d111f5cf817019e3f74d813705e0a6e7e31bd75adda525caf1280a7 c576793ee59fee30fe80d7e66b1ba7608f64432a21954ff18f1c71d52417b0bf c0a7cbf26f34fbcf29cdafcf393ce4765e3cf6707b65c5023888a52c5bbc9b12 1dfca1ff87aa54c7612944ff333fc508d3cad0a21e6c981c0dee3a5d89b7fa1b b803e8d9da6efe7b0220f654c7afb784d21dc222afd4a4e41396e74f861cbf30

Pikabot

The C2 extractor was tested on the following samples:

d3dc0c3741ad8c57498a97ce85b80035e5040e77bb5ebf7a0e24efd88ca72748 6831071b92befb0eeb599271100a68d8fcb0f7c145f8cd4964472c4df57645ab 39d6f7865949ae7bb846f56bff4f62a96d7277d2872fec68c09e1227e6db9206 7573d6d994bd946dcee13354a080c624e58a3aa2c6ac8ffd4a6104640047f519

Parallax RAT

The configuration extractor was tested on the following samples:

80d53ed5f7e3da00fb8ad29dfee6d543c6999fe2ebc15edba549428bdbcb3e26 fc559914b78caad5e44725689eb5d9c54321a14dff517fba5a55ecea89df967a 5644ad897d506f759910ac6e2c611fb506000bbf4c9531f1930b12906ca2b216

IcedID

The IDAPython string decryptor script was tested on the following sample:

8da8913824dda580cd210f4326a69bca