Static configuration extractor for Hancitor Loader

hanConfig

hanConfig is a static configuration extractor implemented in Golang for the Hancitor Loader (targeting Microsoft Windows; see the Malpedia entry for the family). By default the tool prints the extracted configuration to stdout (verbose output can be enabled with the -v flag). It can also dump the malware configuration to disk as a JSON file with the -j flag.

Usage

go run hanconfig.go [-j] [-v] path/to/unpacked_hancitor.dll

Screenshots

The script itself, running in verbose mode and with JSON output enabled:

A JSON file with the extracted configuration:

Testing

This configuration extractor has been tested successfully with the following samples:

SHA-256 Sample
ab2a474c3fd276095d7db5d78df356a572b1eee397ef1977facd8df214db3db0 Malshare
f4f18fd34162fda6ce4bef18228de8c1bdc1c5285abaf2fa73c1ccbe087a34dd Malshare
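Because the extractor has only been validated against the two samples above, it is worth checking the SHA-256 of an unpacked DLL before trusting the output for a different build. The following Go helper is an added example and not part of hanConfig itself; it streams a file through SHA-256 and reports whether the digest is one of the samples listed in this README (the file name check_sample.go and the map of tested hashes are assumptions made for the example).

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"os"
	"strings"
)

// testedSamples holds the SHA-256 digests this README reports the extractor
// was validated against, keyed to the source named in the Testing table.
// (Constructed for this example from the table above.)
var testedSamples = map[string]string{
	"ab2a474c3fd276095d7db5d78df356a572b1eee397ef1977facd8df214db3db0": "Malshare",
	"f4f18fd34162fda6ce4bef18228de8c1bdc1c5285abaf2fa73c1ccbe087a34dd": "Malshare",
}

// HashFile streams the file through SHA-256 and returns the lowercase hex
// digest, so a large memory dump is never read into memory at once.
func HashFile(path string) (string, error) {
	f, err := os.Open(path)
	if err != nil {
		return "", err
	}
	defer f.Close()
	h := sha256.New()
	if _, err := io.Copy(h, f); err != nil {
		return "", err
	}
	return hex.EncodeToString(h.Sum(nil)), nil
}

// IsTested reports whether a digest (any letter case, surrounding whitespace
// ignored) is one of the validated samples and, if so, where it was sourced.
func IsTested(digest string) (source string, ok bool) {
	source, ok = testedSamples[strings.ToLower(strings.TrimSpace(digest))]
	return source, ok
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: go run check_sample.go path/to/unpacked_hancitor.dll")
		os.Exit(2)
	}
	digest, err := HashFile(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, "hash:", err)
		os.Exit(1)
	}
	if src, ok := IsTested(digest); ok {
		fmt.Printf("%s  validated sample (%s)\n", digest, src)
		return
	}
	// Not in the list: the extractor may still work, but its output for this
	// build has not been confirmed, so review the parsed fields manually.
	fmt.Printf("%s  not in the validated list; verify the extractor's output manually\n", digest)
}
```

Run it with the same path you would pass to hanconfig.go; a match means the extractor's output for that file has been confirmed by the author, a miss only means the build is untested, not that extraction will fail.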

If you encounter an error with hanConfig, please file a bug report via an issue. Contributions are always welcome :)

Owner
Marius Genheimer
Computer Science Student (IT-Sec) | Malware Analysis and Reverse Engineering