AmgdGocha / AutoIT-Remcos Public

Notifications You must be signed in to change notification settings
Fork 1
Star 5

A repo that contains scripts written to automate the de-obfuscation of the AutoIT malware that wraps a Remcos RAT agent, and to automate the extraction and decryption of Remcos configuration.

5 stars 1 fork Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
README.md		README.md
deobfuscator.py		deobfuscator.py
remcos_config_extractor.py		remcos_config_extractor.py

Repository files navigation

AutoIT-Remcos

This repo contains scripts written to automate the following:

De-obfuscation of the AutoIT script that wraps a Remcos RAT agent.
Automating Remcos config extraction and decryption.

Refer to this medium story: https://medium.com/@amgedwageh/analysis-of-an-autoit-script-that-wraps-a-remcos-rat-6b5b66075b87

An example of such AutoIT script: https://malshare.com/sample.php?action=detail&hash=d7fc2b593eac64ff4a46ba9f5864d875be3cb13ec8ef0327d781c5cd1e29b4ac

About

A repo that contains scripts written to automate the de-obfuscation of the AutoIT malware that wraps a Remcos RAT agent, and to automate the extraction and decryption of Remcos configuration.

malware deobfuscation malware-analysis autoit autoit3 remcos

Report repository

Languages

Python 100.0%