Retrieving configuration of a Remote Administration Tool (Malware) with radare2 statically

Introduction

This article was written during the BSidesLV, BlackHat and Defcon events.

**We highly recommend that you try the analysis yourself before reading this article. Here is a fake one: cfd26988d55294870f2676117cf1307ca4acdf8d**

A remote administration tool (also known as a RAT) is a piece of software that allows a remote “operator” to control a system as if they had physical access to it. While desktop sharing and remote administration have many legal uses, such software is usually associated with criminal or malicious activity.