A robust, multiprocessing-capable, multi-family RAT config parser/config extractor for AsyncRAT, DcRAT, VenomRAT, QuasarRAT, XWorm, Xeno RAT, and cloned/derivative RAT families.
It was suggested to examine using dnfile in place of dotnetpe, as it seems to be better maintained, and may have built-in functionality that will make custom code redundant.
Areas to Test:
- [ ] Metadata table parsing
- [ ] RVA-to-offset (and vice versa) translations
- [ ] Obtaining strings, field names, etc. from #US and #Strings
If it is more efficient or easier to manage these areas using dnfile, then we should move to port the dotnetpe code over to dnfile.
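To make the comparison concrete, this added example (not code from the project or from dotnetpe/dnfile) shows the two pieces of custom logic the second and third checklist items cover: a section-table RVA/offset translator and a #US heap walker using the ECMA-335 compressed-length encoding. The section table and heap contents are constructed sample data.

```python
import struct

# Constructed section table: (name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData)
SECTIONS = [
    (".text",  0x2000, 0x1234, 0x0200, 0x1400),
    (".rsrc",  0x4000, 0x0500, 0x1600, 0x0600),
    (".sdata", 0x6000, 0x0800, 0x1C00, 0x0200),  # VirtualSize > raw size: zero-filled tail
]

def rva_to_offset(rva, sections=SECTIONS):
    """Map an RVA to a file offset via the section table; None if not file-backed."""
    for _name, va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            delta = rva - va
            # Bytes past SizeOfRawData exist only in memory (zero-filled), not on disk
            return raw_ptr + delta if delta < raw_size else None
    return None

def offset_to_rva(offset, sections=SECTIONS):
    """Inverse mapping: file offset to RVA; None if the offset is outside every section."""
    for _name, va, _vsize, raw_ptr, raw_size in sections:
        if raw_ptr <= offset < raw_ptr + raw_size:
            return va + (offset - raw_ptr)
    return None

def read_compressed_uint(data, pos):
    """ECMA-335 II.23.2 compressed unsigned int: returns (value, bytes_consumed)."""
    b0 = data[pos]
    if b0 & 0x80 == 0:
        return b0, 1
    if b0 & 0xC0 == 0x80:
        return ((b0 & 0x3F) << 8) | data[pos + 1], 2
    if b0 & 0xE0 == 0xC0:
        return ((b0 & 0x1F) << 24) | (data[pos + 1] << 16) | (data[pos + 2] << 8) | data[pos + 3], 4
    raise ValueError("invalid compressed length at offset 0x%x" % pos)

def parse_us_heap(heap):
    """Return {heap_index: str} for every #US entry (UTF-16LE body plus one trailing flag byte)."""
    entries, pos = {}, 1          # index 0 is the mandatory empty entry
    while pos < len(heap):
        length, n = read_compressed_uint(heap, pos)
        body = heap[pos + n:pos + n + length]
        entries[pos] = body[:-1].decode("utf-16-le") if length else ""
        pos += n + length
    return entries

def encode_us_entry(s):
    """Build one #US entry (constructed test data): compressed length, UTF-16LE text, flag byte."""
    raw = s.encode("utf-16-le") + b"\x00"
    n = len(raw)
    if n < 0x80:
        return bytes([n]) + raw
    if n < 0x4000:
        return struct.pack(">H", 0x8000 | n) + raw
    return struct.pack(">I", 0xC0000000 | n) + raw

# Constructed heap: empty entry, a short string (1-byte length), a 100-char string (2-byte length)
US_HEAP = b"\x00" + encode_us_entry("pastebin.com") + encode_us_entry("A" * 100)
```

Whatever dnfile offers for these areas can be checked against the same constructed inputs before the port is committed to.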
Issue will be updated as testing is completed.