Retrieving configuration of a Remote Administration Tool (Malware) with radare2 statically

Introduction This article was written during BSidesLV, BlackHat and Defcon events. ** We highly recommend you to try to do the analysis by yourself before looking at this article. Here is a fake one cfd26988d55294870f2676117cf1307ca4acdf8d ** A remote administration tool (also known as a RAT) is a piece of software that allows a remote “operator” to control a system as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, such software is usually associated with criminal or malicious activity.
Uncategorized