Qakbot Registry Key Configuration Decryptor

This is a decryptor for Qakbot's configuration stored in the registry key

Python 3 requirements

bitstring==3.1.9
hexdump==3.3
pycryptodome==3.12.0
WMI==1.5.1

Usage

Usage: qakbot-registry-decrypt.py [options]

Options:
  -h, --help            show this help message and exit
  -r REGISTRY_PATH, --regpath=REGISTRY_PATH
                        registry path where Qakbot's encrypted data is stored.
                        (e.g. 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Efwramsn')
  -p PASSWORD, --password=PASSWORD
                        password (optional)

Test Sample

MD5: 90aac91ba4336bdb252dee699d32d78d https://www.virustotal.com/gui/file/edfe1d500855331f71ef12b7e459af1224a5ff3bca89ab7cd0dac930fd77c41a/detection

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
README.md		README.md
qakbot-registry-decrypt.py		qakbot-registry-decrypt.py
requirements.txt		requirements.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Qakbot Registry Key Configuration Decryptor

Python 3 requirements

Usage

Test Sample

About

Uh oh!

Releases

Packages

Uh oh!

Languages

drole/qakbot-registry-decrypt

Folders and files

Latest commit

History

Repository files navigation

Qakbot Registry Key Configuration Decryptor

Python 3 requirements

Usage

Test Sample

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages