Malware, like many complex software systems, relies on the concept of software configuration. Configurations establish guidelines for malware behavior and they are a common feature among the various malware families Unit 42 examine. The configuration data embedded within malware can offer invaluable insights into the intentions of cybercriminals.
However, due to its significance, malware authors deliberately make configuration data challenging to parse statically from the file. Over the past few years, Unit 42 researchers have developed a system to extract internal malware configurations.
Read more…
Source: Palo Alto Unit 42