BLISTER Configuration Extractor
Python script to extract the configuration and payload from BLISTER samples.Download blister-config-extractor.tar.gz
This tool provides a Python module and command line tool that will extract configurations from the BLISTER malware loader and dump the results to screen.
The BLISTER Malware Loader
For information on the BLISTER malware loader and campaign observations, check out our blog posts detailing this:
We can easily run the extractor with Docker, first we need to build the image:
Then we run the container with the -v flag to map a host directory to the docker container directory:
We can either specify a single sample with -f option or a directory of samples with -d.
Running it Locally¶
As mentioned above, Docker is the recommended approach to running this project, however you can also run this locally. This project uses Poetry to manage dependencies, testing, and metadata. If you have Poetry installed already, from this directory, you can simply run the following commands to run the tool. This will setup a virtual environment, install the dependencies, activate the virtual environment, and run the console script.
Once that works, you can do the same sort of things as mentioned in the Docker instructions above.
- Customised Rabbit cipher implementation based on Rabbit-Cipher
Created: May 13, 2022