Skip to content
/ RattyConfigExtractor Public

A python script that extracts the "command & control" server address from Ratty malware

3 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

deepinstinct/RattyConfigExtractor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 
ratty_config_extractor.py
ratty_config_extractor.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Ratty Config Extractor

Ratty config extractor is a python script that extracts the "command & control" server address from a Ratty JAR file.

This tool was published as part of the blog about polyglot JAR files:

https://www.deepinstinct.com/blog/malicious-jars-and-polyglot-files-who-do-you-think-you-jar

Installation

Clone the repository and install the requirements.

pip install -r requirements.txt

Usage

python3 ratty-decrypt.py <path_to_ratty_jar_file>

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Disclaimer

The code provided is offered as-is and is intended for educational or informational purposes only. The user assumes all responsibility for the use of this code and any consequences that may arise from its use. The creator of this code and its affiliates cannot be held liable for any damages or losses resulting from the use of this code

About

A python script that extracts the "command & control" server address from Ratty malware

Resources

Readme
Activity
Custom properties

Stars

3 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages